Comments

You have commented 339 times on Rantburg.

Your Name

Your e-mail (optional)

Website (optional)

	My Original Nic Pic-a-Nic Sorry. Comments have been closed on this article.
Foto

Submit your comments on this article

-Short Attention Span Theater-

Passwords you need to change right now because of Heartbleed

2014-04-17

Click the link to see a list of sites to update passwords and browser plugin to identify sites that have been repaired.
By now, we all know what a huge deal Heartbleed is. The massive vulnerability in OpenSSL protocol impacted 66% of all sites on the Internet at the time of its discovery, and now companies are scrambling to fix the issue. Most big companies seem to have done a pretty good job of acting quickly, but this bug is several years old so users have been at risk for quite some time regardless of how quickly a site might have patched the flaw. As such, the cybersecurity experts at LWG Consulting have compiled a great list of all the huge sites that were impacted by Heartbleed.
You could have just asked the NSA for the list.
Do you have accounts on any of the sites listed below? Change your password immediately and be sure to change your passwords on any other sites if you use the same password there.

Those looking to protect themselves from websites still impacted by the Heartbleed bug should install this browser plugin immediately. It will warn users each time they visit a website that has not yet updated OpenSSL to protect users from Heartbleed.

Posted by:gorb

#9 It wasn't that old, SAM. I had to replace it 6 or 7 years ago when a big lightning storm fried something (hard drive? motherboard?).

My car has over 200,000 miles on it, ferchrissakes. And it's got a lot more moving parts. >:-(

Posted by: Barbara 2014-04-17 20:45

#8 Your old computer was, well, old. Probably slow and used vacuum tubes or had a...gasp...single core processor.

You're helping the economy by buying a new computer. ;-)

Posted by: Secret Asian Man 2014-04-17 17:43

#7 I find windows 7 64bit to be excellent.

Posted by: Bright Pebbles 2014-04-17 17:17

#6 P2k, I'm frosted because there was nothing wrong with my computer. I wouldn't have minded so much if I could have just upgraded the OS, just as we did from the old Office to Office 2010.

But to have to buy a NEW computer because they were tired of the old one . . . . >:-(

Posted by: Barbara 2014-04-17 15:59

#5 Code should be treated like mines. If you abandon the mine, it reverts to open claim. Abandon your code and someone else can pick it up (like the Dutch government et al who are paying for continued support). Those guys need to get the EuroBureaucrats working on that angle.

Posted by: Procopius2k 2014-04-17 14:38

#4 I'll have the computer guy take care of it on Friday when he comes to install my new computer (WHICH I HAD TO BUY BECAUSE THEY QUIT SUPPORTING XP - THANKS, YOU MICROSOFT BASTARDS).

I'd never download a plugin just because some website said I should.

Posted by: Barbara 2014-04-17 13:21

#3 One of the key concepts in B.P's link is "don't write your own damn code!"

This is exactly how the OpenSSL boys got into trouble when they coded up their own memory management routines because they felt the standard libraries (malloc, mmap) were too slow. Most unfortunate, given that the standard libs have exploit mitigation code to stop just this sort of buffer problem.

Posted by: SteveS 2014-04-17 13:20

#2 I'm getting too old for this business. I don't know how much longer I can keep up with all these cyber threats.

I remember in the bad old days when I was poor I'd get a live paycheck in my hand every week. I'd take it to the bank and cash it. Then I'd walk around all week with cash in my pocket. When there was no more cash I knew it was time to stop spending. I kinda miss that.

Posted by: Ebbang Uluque6305 2014-04-17 12:41

#1 Who still stores plaintext passwords?!?

https://crackstation.net/hashing-security.htm

Posted by: Bright Pebbles 2014-04-17 05:54

00:00