Heartbleed bug - Page 3

eschwartz · 04-11-2014, 02:43 PM

Quote:

Originally Posted by daffy4u

I use gibberish for answers to my security questions. Example: Q = What town were you born in? A = @8ndhr38& (not my real answer

). I do store the answers in LastPass and the answers to the same questions on other sites is different gibberish.

DiapDealer · 04-11-2014, 03:08 PM

If someone takes the time to learn enough about me to be able to guess my honestly answered security questions, I'm pretty certain I'm doomed already. Nobody's personal info is going to remain secure if they're personally targeted by a proficient, determined thief anyway. Which is why I don't waste time/energy (or sacrifice convenience) by recording/remembering gibberish security answers to try and safeguard against them. I do enough to keep the dumb, drive-by thieves thwarted. The rest will just cause me needless work (and/or make someone else money).

daffy4u · 04-11-2014, 03:26 PM

Quote:

Originally Posted by DiapDealer

If someone takes the time to learn enough about me to be able to guess my honestly answered security questions, I'm pretty certain I'm doomed already.

So DD, what city were you born in? Just makin' conversation.

DiapDealer · 04-11-2014, 03:31 PM

Quote:

Originally Posted by daffy4u

So DD, what city were you born in? Just makin' conversation.

Well, curiously enough, I was born in a sm—Hey!! I see what you tried to do right there!

daffy4u · 04-11-2014, 03:33 PM

Quote:

Originally Posted by DiapDealer

Well, curiously enough, I was born in a sm—Hey!! I see what you tried to do right there!

Drats! I just flunked my "Social Engineering 101" final.

I'm going to have to repeat the class. <sigh>

DiapDealer · 04-11-2014, 04:31 PM

Quote:

Originally Posted by daffy4u

Drats! I just flunked my "Social Engineering 101" final.

I'm going to have to repeat the class. <sigh>

Well, if it's any consolation, I will admit this much:

"I was born in a crossfire hurricane."

daffy4u · 04-11-2014, 06:56 PM

Quote:

Originally Posted by DiapDealer

Well, if it's any consolation, I will admit this much:

"I was born in a crossfire hurricane."

So "Miami, Florida". Thanks! It may not be too late get my grade changed.

xg4bx · 04-11-2014, 07:22 PM

NSA Knew about the Heartbleed Bug and Exploited it for Years

http://scgnews.com/nsa-knew-about-th...d-it-for-years

rollei · 04-13-2014, 09:46 PM

Quote:

Originally Posted by speakingtohe

Revenue Canada has shut down their internet services de to the heartbleed bug.

http://www.cra-arc.gc.ca/menu-eng.html#msg

http://lifehacker.com/what-the-heart...you-1560801201

http://heartbleed.com/

More than a smidge scary

Helen

CRA has fixed the heartbleed security bug and deadline for filing has been extended for a period equal to the length of this service interruption (May 5 according to Revenue Canada website).

dakini · 04-13-2014, 11:25 PM

question for folks: i've confirmed my andriod tablet has the heartbleed vulnerability (in 4.1.1.).

i'm getting conflicting information about whether device-side vulnerability matters. some sites say not to connect the device to the web until a patch comes out. others say it only matters when connecting to a compromised website.

since android seems to rarely be updated on devices (this device has never had an o/s update), i'm curious how worried i should be about this.

kovidgoyal · 04-14-2014, 02:43 AM

A client side vulnerability can be exploited in two ways:

1) If the client connects to a malicious server

2) If a malicious party (Eve) can hijack the internet connection the client uses to perform a Man-in-the-middle attack. Doing that means that Eve can redirect http requests the client makes to a malicious server, and thereby scan the memory space of the client. Most http clients silently follow redirects with no user interaction.

To summarize:

1) Only matters if you connect to a bad server

2) Only matters if you believe someone can intercept your internet connection. This is not something an ordinary hacker typically has the resources for, but would be fairly easy for a state actor like the NSA. And of course if you are using a public WiFi network or the like, then pretty much any script kiddie can hijack your network connection.

rollei · 04-17-2014, 12:20 AM

RCMP caught this guy who stole SIN numbers from CRA site

http://www.ctvnews.ca/canada/rcmp-ch...each-1.1778934

04-11-2014, 03:08 PM	#32
DiapDealer Grand Sorcerer Posts: 28,574 Karma: 204127028 Join Date: Jan 2010 Device: Nexus 7, Kindle Fire HD	If someone takes the time to learn enough about me to be able to guess my honestly answered security questions, I'm pretty certain I'm doomed already. Nobody's personal info is going to remain secure if they're personally targeted by a proficient, determined thief anyway. Which is why I don't waste time/energy (or sacrifice convenience) by recording/remembering gibberish security answers to try and safeguard against them. I do enough to keep the dumb, drive-by thieves thwarted. The rest will just cause me needless work (and/or make someone else money). Last edited by DiapDealer; 04-11-2014 at 03:11 PM.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Glo Is this another bug ?	stethorn	Kobo Reader	14	08-10-2013 11:49 AM
0.6.1 bug	mrmikel	Sigil	8	12-04-2012 08:31 AM
DR800 Help, I've got a bug!! A bug on my screen!!	Franky	iRex	4	06-21-2011 11:45 AM
Embedded font bug or CSS bug in ADE	JSWolf	ePub	10	06-11-2011 02:34 PM
PRS-505 bug or eBookLib bug?	porkupan	Sony Reader	3	10-07-2007 10:44 PM

04-11-2014, 07:22 PM	#38
xg4bx Are you gonna eat that? Posts: 1,633 Karma: 23215128 Join Date: Jun 2011 Location: Phillipsburg, NJ Device: Kindle 3, Nook STG	NSA Knew about the Heartbleed Bug and Exploited it for Years http://scgnews.com/nsa-knew-about-th...d-it-for-years

04-13-2014, 11:25 PM	#40
dakini not "it" Posts: 236 Karma: 1687996 Join Date: Aug 2012 Device: Kindle 7th gen	question for folks: i've confirmed my andriod tablet has the heartbleed vulnerability (in 4.1.1.). i'm getting conflicting information about whether device-side vulnerability matters. some sites say not to connect the device to the web until a patch comes out. others say it only matters when connecting to a compromised website. since android seems to rarely be updated on devices (this device has never had an o/s update), i'm curious how worried i should be about this.

04-14-2014, 02:43 AM	#41
kovidgoyal creator of calibre Posts: 45,359 Karma: 27182818 Join Date: Oct 2006 Location: Mumbai, India Device: Various	A client side vulnerability can be exploited in two ways: 1) If the client connects to a malicious server 2) If a malicious party (Eve) can hijack the internet connection the client uses to perform a Man-in-the-middle attack. Doing that means that Eve can redirect http requests the client makes to a malicious server, and thereby scan the memory space of the client. Most http clients silently follow redirects with no user interaction. To summarize: 1) Only matters if you connect to a bad server 2) Only matters if you believe someone can intercept your internet connection. This is not something an ordinary hacker typically has the resources for, but would be fairly easy for a state actor like the NSA. And of course if you are using a public WiFi network or the like, then pretty much any script kiddie can hijack your network connection.

04-17-2014, 12:20 AM	#42
rollei Addict Posts: 219 Karma: 1000210 Join Date: Mar 2014 Device: Kobo	RCMP caught this guy who stole SIN numbers from CRA site http://www.ctvnews.ca/canada/rcmp-ch...each-1.1778934

Advert

Advert