Cellar Posted April 10, 2014 Share Is your site patched, and do we need to change passwords? Link to comment Share on other sites More sharing options...
Caerus Posted April 10, 2014 Share Is that for real? Do I need to change all my passwords? Link to comment Share on other sites More sharing options...
Cellar Posted April 10, 2014 Share Is that for real? Do I need to change all my passwords? Yes it's for real. Yes, it's probably prudent. Here's some advice:http://mashable.com/2014/04/09/heartbleed-what-to-do/ Link to comment Share on other sites More sharing options...
Tumbleweed Posted April 10, 2014 Share Also been reading about that. Password word changed. Link to comment Share on other sites More sharing options...
Caerus Posted April 10, 2014 Share Yes it's for real. Yes, it's probably prudent. Here's some advice:http://mashable.com/...eed-what-to-do/Done, thanks Link to comment Share on other sites More sharing options...
Cellar Posted April 10, 2014 Share Done, thanks Problem is that it's pointless to change your password if the site hasn't been patched, and the LastPass hearttbleed checker can't check thehub. Link to comment Share on other sites More sharing options...
Cellar Posted April 10, 2014 Share Next, change your passwords for major accounts — email, banking and social media logins — on sites that were affected by Heartbleed but patched the problem. However, if the site or service hasn't patched the flaw yet, there's no point to changing your password. Instead, ask the company when it expects to push out a fix to deal with Heartbleed. Link to comment Share on other sites More sharing options...
Kranky Posted April 10, 2014 Share I love how the security team behind releasing the bug have created such a great marketing/branding strategy. Bug announcements are usually so drab, and a big one like this really did need something special. Check out their site: http://heartbleed.com/ Link to comment Share on other sites More sharing options...
Karman de Lange Posted April 10, 2014 Share As far i can figure out the hub don't use ssl so wont be affected.... Link to comment Share on other sites More sharing options...
Guest EdEdEd Posted April 10, 2014 Share Please explain to the stupid people: (i.e. me) Link to comment Share on other sites More sharing options...
DJR Posted April 10, 2014 Share Please explain to the stupid people: (i.e. me) + Me too Link to comment Share on other sites More sharing options...
Cellar Posted April 10, 2014 Share Please explain to the stupid people: (i.e. me) You know when you see https in the website address? that means the communication between you and the webserver is encrypted using SSL. The OpenSSL implementation of this has a security vulnerability that allows someone to intercept and access your info. Now, the problem is that even when you don't use the secure (https) version of a site, very often the sending of authentication info (password) is sent via SSL, so even a site like this one, which doesn't have an https version may have leaked your username/password during the login process. Link to comment Share on other sites More sharing options...
Guest EdEdEd Posted April 10, 2014 Share You know when you see https in the website address? that means the communication between you and the webserver is encrypted using SSL. The OpenSSL implementation of this has a security vulnerability that allows someone to intercept and access your info. Now, the problem is that even when you don't use the secure (https) version of a site, very often the sending of authentication info (password) is sent via SSL, so even a site like this one, which doesn't have an https version may have leaked your username/password during the login process. So change all my passwords? But how does one know said site implemented the Fixed OpenSSL? Link to comment Share on other sites More sharing options...
Iwan Kemp Posted April 10, 2014 Share You know when you see https in the website address? that means the communication between you and the webserver is encrypted using SSL. The OpenSSL implementation of this has a security vulnerability that allows someone to intercept and access your info. Now, the problem is that even when you don't use the secure (https) version of a site, very often the sending of authentication info (password) is sent via SSL, so even a site like this one, which doesn't have an https version may have leaked your username/password during the login process. Thanks for the explanation. Just to be clear, is the worst that can happen here somebody gets my Hub password an post in my behalf? Link to comment Share on other sites More sharing options...
Uni Posted April 10, 2014 Share You know when you see https in the website address? that means the communication between you and the webserver is encrypted using SSL. The OpenSSL implementation of this has a security vulnerability that allows someone to intercept and access your info. Now, the problem is that even when you don't use the secure (https) version of a site, very often the sending of authentication info (password) is sent via SSL, so even a site like this one, which doesn't have an https version may have leaked your username/password during the login process. how would it be different if at all if you use something like Tapatalk? Link to comment Share on other sites More sharing options...
Guest EdEdEd Posted April 10, 2014 Share Thanks for the explanation. Just to be clear, is the worst that can happen here somebody gets my Hub password an post in my behalf?And any other site... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.