Keith Simmons Posted April 9, 2014 Share Posted April 9, 2014 Hi everyone. I expect you are aware of the latest software bug around (Heartbleed Bug) and apparently it has been running for a few years !!!! The latest advice is to change ALL your passwords and I have just done mine for this site. Kind regards Keith Edited By Keith Simmons on 09/04/2014 14:17:44 Quote Link to comment Share on other sites More sharing options...
graham dewis Posted April 9, 2014 Share Posted April 9, 2014 Which software bug is that pse ? Quote Link to comment Share on other sites More sharing options...
WolstonFlyer Posted April 9, 2014 Share Posted April 9, 2014 The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.Have a look at heartbleed.com Quote Link to comment Share on other sites More sharing options...
John Privett Posted April 9, 2014 Share Posted April 9, 2014 Posted by graham dewis on 09/04/2014 18:39:34: Which software bug is that pse ? As already stated in Keith's post, it's the Heartbleed Bug. (Link is to the BBC News site, not anything malicious!) Quote Link to comment Share on other sites More sharing options...
graham dewis Posted April 9, 2014 Share Posted April 9, 2014 Thanks for the information guys. Quote Link to comment Share on other sites More sharing options...
WolstonFlyer Posted April 9, 2014 Share Posted April 9, 2014 This forum will be OK because it runs on Windows servers using IIS and doesn't use SSL anyway. Quote Link to comment Share on other sites More sharing options...
Pete B Posted April 9, 2014 Share Posted April 9, 2014 Most of what I've browsed about this has gone way over my head, TBH I did get the impression though, that if any of your normally-frequented commercial sites use OpenSSL, they will probably contact you to suggest changing your password. Until then, I can't see any reason why I need change all passwords - unless someone can convince me otherwise... Pete Quote Link to comment Share on other sites More sharing options...
Peter Jenkins Posted April 9, 2014 Share Posted April 9, 2014 Peter, from what I've read, only some ISPs are affected and changing your password before the bug is fixed, if you are one of the affected ones, doesn't help you. So, like you, I'm going to wait for my ISP to tell me whether I've been effected and if I then need to change my passwords. Quote Link to comment Share on other sites More sharing options...
Gary Manuel Posted April 10, 2014 Share Posted April 10, 2014 Isn't it good practice to change passwords regularly regardless - especially to sites holding sensitive information? (not that I do) If you suspected that someone had looked over your shoulder and knew your password, you would change it. This is similar, but it's no good changing it if they are still looking over your shoulder, which is what it's like if the bug has not been removed yet. Quote Link to comment Share on other sites More sharing options...
john melia 1 Posted April 10, 2014 Share Posted April 10, 2014 Posted by Pete B - Moderator on 09/04/2014 21:55:43: Most of what I've browsed about this has gone way over my head, TBH I did get the impression though, that if any of your normally-frequented commercial sites use OpenSSL, they will probably contact you to suggest changing your password. Until then, I can't see any reason why I need change all passwords - unless someone can convince me otherwise... Pete So how do you find out which sites use open ssl Quote Link to comment Share on other sites More sharing options...
Keith Simmons Posted April 10, 2014 Author Share Posted April 10, 2014 Thanks guys. I am prompted to change my passwords every 2 months at work. At home I am far more lazy. I just don't know how much damage there has been done due to the Heartbleed bug and if there is an attack, it's hidden and off the radar. Like John, I also have no idea about open SSL but hopefully the security sites will check through their systems as it is now in the open. I don't use my bank on-line and I only use my payments on-line through my home network, not via an external open router. If I am already affected, I agree changing the passwords now, is like shutting the stable door after the horse has bolted. Keith Quote Link to comment Share on other sites More sharing options...
Pete B Posted April 10, 2014 Share Posted April 10, 2014 Posted by john melia 1 on 10/04/2014 13:14:29: So how do you find out which sites use open ssl Dunno John - I'm hoping they'll tell me! Pete Quote Link to comment Share on other sites More sharing options...
Martyn K Posted April 10, 2014 Share Posted April 10, 2014 It's not worth changing passwords until the flaw has actually been fixed. If you change your password now then the a flawed system can still expose your new password. You need to wait until the flaws have been fixed. Martyn Quote Link to comment Share on other sites More sharing options...
John Privett Posted April 10, 2014 Share Posted April 10, 2014 Posted by john melia 1 on 10/04/2014 13:14:29: So how do you find out which sites use open ssl Advice from Solwise, the router/network gear people from whom I've bought various bits and pieces in the past, received by email today; Advice for web users: There are ways you can test if websites you visit are vulnerable to the 'Heartbleed Bug' before you enter any personal details on them. If you are a Chrome user you can download a Chrome Extension, Chromebleed, which warns you when a site you're visiting has been affected. **LINK** There is also a test site you can check by domain names **LINK** Quote Link to comment Share on other sites More sharing options...
John Privett Posted April 10, 2014 Share Posted April 10, 2014 It goes on to say (as Martin already mentioned); Changing Passwords As a precautionary measure, people are being advised to change the passwords for all of their online accounts -- especially the most sensitive accounts (Internet Banking, Email, Social Networks etc...). If you decide to undertake these [painfully laborious] measures, may we advise that you do not change your password with a website until you are certain that they have already patched the 'Heartbleed Bug'. This will ensure the safety of your new set of passwords. Quote Link to comment Share on other sites More sharing options...
Peter Miller Posted April 11, 2014 Share Posted April 11, 2014 According to the BBC news, there is no point in chnaging passwords until the company tells you to. This is because, until they fix the problem any new password will still vunerable. Once the problem has been fixed you should get an email telling too change the password. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.