I changed gmail, facebook and yahoo passwords this morning. Should I have waited? Should I change them again in the near future?
I used this page as a guide: http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/Is there a better one?
― Oren Zombarchi (WilliamC), Thursday, 10 April 2014 15:55 (ten years ago) link
bookmarked
― sleeve, Thursday, 10 April 2014 15:59 (ten years ago) link
just done mine (those 3 plus dropbox). i used this list:
http://mashable.com/2014/04/09/heartbleed-bug-websites-affected
― koogs, Thursday, 10 April 2014 16:01 (ten years ago) link
https://www.youtube.com/watch?v=I1sNImbI2Zw
― waterbabies (waterface), Thursday, 10 April 2014 16:01 (ten years ago) link
(was surprisingly hard to find the google password change option)
― koogs, Thursday, 10 April 2014 16:03 (ten years ago) link
took this as an opportunity to do some bulk password resetting for the first time in a long time.
― sitting on a claud all day gotta make your butt numb (forksclovetofu), Thursday, 10 April 2014 16:41 (ten years ago) link
Most of my websites of concern seemed to be OK. Gmail has 2-step verification, so not terribly concerned there.
― Josh in Chicago, Thursday, 10 April 2014 16:43 (ten years ago) link
LastPass Heartbleed checker https://lastpass.com/heartbleeddon't forget to check your private trackers
― Sébastien, Thursday, 10 April 2014 17:44 (ten years ago) link
thanks, forgot that one
― sleeve, Thursday, 10 April 2014 17:45 (ten years ago) link
As long as your password isn't ******** you're fine.
― StanM, Thursday, 10 April 2014 18:19 (ten years ago) link
the things people will do to get on 77
― smhphony orchestra (crüt), Thursday, 10 April 2014 18:25 (ten years ago) link
https://www.eff.org/deeplinks/2014/04/wild-heart-were-intelligence-agencies-using-heartbleed-november-2013
― wat is teh waht (s.clover), Thursday, 10 April 2014 18:26 (ten years ago) link
irl assessment by lecturer with Phd in net security topic:
don't worry bout it.
― recommend me a new bagman (darraghmac), Thursday, 10 April 2014 18:49 (ten years ago) link
do your worst, bugthingy
― images of war violence and historical smoking (Dr Morbius), Thursday, 10 April 2014 18:49 (ten years ago) link
person attacking even a vulnerable site would have to have been live on the same server at the same time as you in order to get any relevant info is his assessment
good to know but that means i freaked out my mom for no reasonplease don't tell her
― sitting on a claud all day gotta make your butt numb (forksclovetofu), Thursday, 10 April 2014 19:02 (ten years ago) link
i think this only applies to the session side-jacking attack cuz if the vulnerability happens to reveals the server's private key then any SSL traffic that is sniffed can be decrypted
― diamonddave85 (diamonddave85), Thursday, 10 April 2014 19:23 (ten years ago) link
now google.com fails to respond in firefox, 'waiting for www.google.com...' - there's probably a session using the old password kicking around...
― koogs, Thursday, 10 April 2014 19:53 (ten years ago) link
http://i.imgur.com/AMQEQik.jpg
― smhphony orchestra (crüt), Friday, 11 April 2014 03:56 (ten years ago) link
i can't care enough to read about this
― markers, Friday, 11 April 2014 03:56 (ten years ago) link
I don't even own a computer
― nitro-burning funny car (Moodles), Friday, 11 April 2014 04:01 (ten years ago) link
What's an internet
― 龜, Friday, 11 April 2014 04:07 (ten years ago) link
Whose hands are these?
― art, Friday, 11 April 2014 04:11 (ten years ago) link
Whose hands are these? --art
Wait they're mine. My hands
who are you?
― Mayor Manuel (La Lechera), Friday, 11 April 2014 04:14 (ten years ago) link
http://www.quickmeme.com/img/2a/2afdb16b3d5143a9feaad0116b07a778c4e7a6583a44edac128b8421c8603007.jpg
― the Bronski Review (Trayce), Friday, 11 April 2014 05:10 (ten years ago) link
really sick of waiting for a response from xvideos, come on guys
― Matt Armstrong, Friday, 11 April 2014 05:27 (ten years ago) link
not ashamed to note that the first website i checked was ilxori got no answer
― sitting on a claud all day gotta make your butt numb (forksclovetofu), Friday, 11 April 2014 05:31 (ten years ago) link
a lot of the sites i never even knew or neeed https on to start with. I mean, Soundcloud!?
― the Bronski Review (Trayce), Friday, 11 April 2014 05:40 (ten years ago) link
Got an e-mail from a colleague saying "because of security concerns related to the Heartbleed bug, we have changed the password for ********** access. The new password is 'Password1'".
― Yuri Bashment (ShariVari), Friday, 11 April 2014 07:43 (ten years ago) link
ahaha
― smhphony orchestra (crüt), Friday, 11 April 2014 07:45 (ten years ago) link
capital letter and a digit = good. needs punctuation
Password1!
― koogs, Friday, 11 April 2014 08:27 (ten years ago) link
Lol
― recommend me a new bagman (darraghmac), Friday, 11 April 2014 08:28 (ten years ago) link
Pinboard @Pinboard Apr 8Responsible disclosure (n.): coming up with a cool logo, homepage and name for your terrifying bug before panicking the Internet with it
― sktsh, Friday, 11 April 2014 11:01 (ten years ago) link
My new password:
http://cdn4.fashionablygeek.com/wp-content/uploads/2014/02/benny-SPACESHIP.jpg
I just have to figure out how to make the Lego guy's head.
― Josh in Chicago, Friday, 11 April 2014 12:06 (ten years ago) link
some of my old passwords, help yourself:
8{qx=L6n
-#@Ru:c2
(standard android 'Secrets' app generates passwords that are terrible to type using the android keyboard)
― koogs, Friday, 11 April 2014 19:24 (ten years ago) link
Hip Hop & Rappers for Ron Paul shared 11Alive's status update.
Like Page11Alive
The National Security Agency not only knew about Heartbleed for at least two years, the agency used it to gather intelligence, according to a report.
― puff puff post (uh oh I'm having a fantasy), Friday, 11 April 2014 22:11 (ten years ago) link
Bloomberg News says NSA found it, used it, didn't report it. NSA and White House deny.
― dow, Friday, 11 April 2014 22:41 (ten years ago) link
our favorite comic with a pretty good explanation actually http://xkcd.com/1354/
― wat is teh waht (s.clover), Saturday, 12 April 2014 02:03 (ten years ago) link
(also yeah, this seems like the sort of thing the nsa would def have found, but one never knows)
― wat is teh waht (s.clover), Saturday, 12 April 2014 02:05 (ten years ago) link
NS4 probably doesn't need stuff this basic if they already have back doors into every type of firewall or network card's firmware. But yeah, this denial keeps us all quiet and happy.
― StanM, Saturday, 12 April 2014 02:28 (ten years ago) link
Disclaimer: not saying they do have what I just said, only that that would seem like the most obvious way to do what they supposedly do.
― StanM, Saturday, 12 April 2014 02:31 (ten years ago) link
CRA says social insurance numbers of about 900 Canadians stolen in Heartbleed breach.http://business.financialpost.com/2014/04/14/cra-sin-stolen-heartbleed/?__lsa=2c04-fb9f
wonder if other crimes have been reported.
― Sébastien, Monday, 14 April 2014 16:19 (ten years ago) link