Heartbleed SSL Vuln *ALERT*

[CalVic]

My heart bleeds for you! <3

On a serious note, over the past few day's my inbox has been bombarded with this serious vulnerability in OpenSSL

More Info:

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

- http://heartbleed.com/




Large websites that use the vuln version of OpenSSL are somewhat vulnerable websites such as Facebook and parts of Google have been vulnerable, it is advised you change your passwords

You can test for the vulnerability here:

http://filippo.io/Heartbleed/

A list of vulnerable sites:

https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt

More info:

http://heartbleed.com/

 

[Tripp]

My heart bleeds for you! <3

On a serious note, over the past few day's my inbox has been bombarded with this serious vulnerability in OpenSSL

More Info:






- http://heartbleed.com/




Large websites that use the vuln version of OpenSSL are somewhat vulnerable websites such as Facebook and parts of Google have been vulnerable, it is advised you change your passwords

You can test for the vulnerability here:

http://filippo.io/Heartbleed/

A list of vulnerable sites:

https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt

More info:

http://heartbleed.com/

is the test legit, as i dont want to opening my pc up to someone like an idiot

 

[barnsley]

The vulnerability that is possibly 2 years old, right? Honestly the way the media is going about it, you have to actively AVOID hearing about it.
Thanks to it, people are changing passwords before websites have switched over to the secure version.

is the test legit, as i dont want to opening my pc up to someone like an idiot

The flippo one is legit

 

[SuB]

The vulnerability that is possibly 2 years old, right? Honestly the way the media is going about it, you have to actively AVOID hearing about it.
Thanks to it, people are changing passwords before websites have switched over to the secure version.



The flippo one is legit

you literally posted exactly what I was thinking.

 

[barnsley]

you literally posted exactly what I was thinking.

Great minds think alike

If SSL has been vulnerable for so long it makes me really worry about everything else vaguely "secure" on the web.

 

[SPS]

Yeah, seriously don't change passwords on a still exploited server..

 

[vorticalbox]

Yeah, seriously don't change passwords on a still exploited server..

just what i was thinking.

for anyone worried about the using these scanners comodo has their own tool too

Comodo Scanner

 

[yassarikhan786]

Apparently this is a good place to check whether or not you should update a password on a particular site:

https://lastpass.com/heartbleed/