J4MES OX4D 10,025 Posted April 11, 2014 Share Posted April 11, 2014 Anyone taking this shit seriously? Apparently a major flaw has been discovered by several tech firms stating that passwords could be compromised and we should change all of them on our online accounts Link to comment https://forevergaming.co.uk/forum/forums/topic/1183-heartbleed-bug/ Share on other sites More sharing options...
deterioration 443 Posted April 11, 2014 Share Posted April 11, 2014 I don't bank, pay bills or save any of my credit card info in my accounts online in preparation of times such as these. Found this site to run URL's through: https://lastpass.com/heartbleed/ Link to comment https://forevergaming.co.uk/forum/forums/topic/1183-heartbleed-bug/#findComment-30852 Share on other sites More sharing options...
Diddums 4,346 Posted April 11, 2014 Share Posted April 11, 2014 Meh. Let them rob me. I've got about 50p for them. Nobody seems to care anyway. Dattebayo, jordie1892 and J4MES OX4D 3 Link to comment https://forevergaming.co.uk/forum/forums/topic/1183-heartbleed-bug/#findComment-30853 Share on other sites More sharing options...
Dattebayo 446 Posted April 11, 2014 Share Posted April 11, 2014 I don't have any money. Let the c*ckbags be disappointed. Link to comment https://forevergaming.co.uk/forum/forums/topic/1183-heartbleed-bug/#findComment-30855 Share on other sites More sharing options...
Sennex 1,903 Posted April 11, 2014 Share Posted April 11, 2014 So this is actually really huge to be honest. This is the best explanation for how it works. It might not seem like its all that big of a deal, but it really is. This site here uses open SSL, most sites use Open SSL. When I say most, the current estimate is upwards of 60% of the worlds websites. Does this mean you need to worry about your banking passwords and online bill payment crap? Truthfully, yes you do. Does this mean you need to run out and change all your passwords right now? No it doesn't, and here is why. This is NOT a quick fix, this is a huge endeavor, this is a huge amount of work, and most websites are not being open about how and when they are dealing with this issue. Your best course of action here is to monitor all of your various accounts very closely for the next month. Take action as needed to keep yourself safe. http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/ That is a list of what we know as of yesterday was affected and what the companies are doing about it. Seriously, take the time to research it and see how it impacts you. Again, this is a world wide issue, not just local to the US Lastly, think about the pandora's box that was opened by announcing this. How many blackhatters out there didn't know about this, but as soon as it was announced, decided to jump on it and start scooping up all the data they could because companies are in a panic lepercolony, Plumbers Crack, J4MES OX4D and 2 others 5 Luke 23:34 'And Jesus said, "Father, forgive them, for they don't think it be like it is, but it do." Link to comment https://forevergaming.co.uk/forum/forums/topic/1183-heartbleed-bug/#findComment-30859 Share on other sites More sharing options...
TigerBurge 2,375 Posted April 11, 2014 Share Posted April 11, 2014 Here's my question,this isn't something new,it's been there for a while? So they already will have your info if they wanted it right? Your banking numbers and such. Link to comment https://forevergaming.co.uk/forum/forums/topic/1183-heartbleed-bug/#findComment-30871 Share on other sites More sharing options...
Sennex 1,903 Posted April 11, 2014 Share Posted April 11, 2014 Here's my question,this isn't something new,it's been there for a while? So they already will have your info if they wanted it right? Your banking numbers and such. Well, maybe the problem here is guessing how many actually knew about it BEFORE the media posted it everywhere. Luke 23:34 'And Jesus said, "Father, forgive them, for they don't think it be like it is, but it do." Link to comment https://forevergaming.co.uk/forum/forums/topic/1183-heartbleed-bug/#findComment-30873 Share on other sites More sharing options...
spectre 633 Posted April 11, 2014 Share Posted April 11, 2014 Maybe this will get people up in arms? It is one thing for the NSA to spy on everyone in the world, especially US citizens because all of them are obviously potential "terrorizers" just waiting for their opportunity to blow shit up (except for anything in close proximity to the Boston marathon - those things the NSA promptly filters out), but when the NSA itself is found to have not only known and itself abused the prevalent and widespread Heartbleed bug, but left consumers exposed, then it may be time to finally launch a class action lawsuit against Obama's favorite means to eavesdropping on the entire world. From Bloomberg: NSA SAID TO EXPLOIT HEARTBLEED BUG FOR INTELLIGENCE FOR YEARS The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said. And the punchline: NSA SAID TO HAVE USED HEARTBLEED BUG AND LEFT CONSUMERS EXPOSED Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers. “It flies in the face of the agency’s comments that defense comes first,” said Jason Healey, director of the cyber statecraft initiative at the Atlantic Council and a former Air Force cyber officer. “They are going to be completely shredded by the computer security community for this.” More: The potential stems from a flaw in the protocol used to encrypt communications between users and websites protected by OpenSSL, making those supposedly secure sites an open book. The damage could be done with relatively simple scans, so that millions of machines could be hit by a single attacker. Questions remain about whether anyone other than the U.S. government might have exploited the flaw before the public disclosure. Sophisticated intelligence agencies in other countries are one possibility. If criminals found the flaw before a fix was published this week, they could have scooped up troves of passwords for online bank accounts, e-commerce sites, and e-mail accounts across the world. Evidence of that is so far lacking, and it’s possible that cybercriminals missed the potential in the same way security professionals did, suggested Tal Klein, vice president of marketing at Adallom, in Menlo Park, California. The fact that the vulnerability existed in the transmission of ordinary data -- even if it’s the kind of data the vast majority of users are concerned about -- may have been a factor in the decision by NSA officials to keep it a secret, said James Lewis, a cybersecurity senior fellow at the Center for Strategic and International Studies. “They actually have a process when they find this stuff that goes all the way up to the director” of the agency, Lewis said. “They look at how likely it is that other guys have found it and might be using it, and they look at what’s the risk to the country.” Lewis said the NSA has a range of options, including exploiting the vulnerability to gain intelligence for a short period of time and then discreetly contacting software makers or open source researchers to fix it. Thank you NSA, for once again showing that you are from the government and are there to "help" and of course "protect" everyone. How much more abuse from the government can the (granted mostly obese) US population take before it finally snaps? ah, who am I kidding. BO7H B4RRELS 1 Keep calm and question nothing. Link to comment https://forevergaming.co.uk/forum/forums/topic/1183-heartbleed-bug/#findComment-30880 Share on other sites More sharing options...
J4MES OX4D 10,025 Posted April 14, 2014 Author Share Posted April 14, 2014 First casualties of the heartbleed bug http://www.bbc.co.uk/news/technology-27028101 Link to comment https://forevergaming.co.uk/forum/forums/topic/1183-heartbleed-bug/#findComment-31048 Share on other sites More sharing options...
Plumbers Crack 4,059 Posted April 15, 2014 Share Posted April 15, 2014 So, am I right in saying there's no point in changing your password, etc until the website you're using says it's server has been patched? Also, should we just be worried about the one's where we make financial transactions? Thanks to Capn_Underpants for the artwork Link to comment https://forevergaming.co.uk/forum/forums/topic/1183-heartbleed-bug/#findComment-31057 Share on other sites More sharing options...
Sennex 1,903 Posted April 15, 2014 Share Posted April 15, 2014 So, am I right in saying there's no point in changing your password, etc until the website you're using says it's server has been patched? Also, should we just be worried about the one's where we make financial transactions? Personally, I changed all of mine that I knew were affected by this. Its a huge PITA, but better to be safe than sorry. Luke 23:34 'And Jesus said, "Father, forgive them, for they don't think it be like it is, but it do." Link to comment https://forevergaming.co.uk/forum/forums/topic/1183-heartbleed-bug/#findComment-31105 Share on other sites More sharing options...
Plumbers Crack 4,059 Posted April 15, 2014 Share Posted April 15, 2014 What I mean is if you change your password on an unpatched server it's a waste of time? Thanks to Capn_Underpants for the artwork Link to comment https://forevergaming.co.uk/forum/forums/topic/1183-heartbleed-bug/#findComment-31108 Share on other sites More sharing options...
Sennex 1,903 Posted April 15, 2014 Share Posted April 15, 2014 Not really sure what to say here to be honest. -------------- Does this mean you need to worry about your banking passwords and online bill payment crap? Truthfully, yes you do. Does this mean you need to run out and change all your passwords right now? No it doesn't, and here is why. This is NOT a quick fix, this is a huge endeavor, this is a huge amount of work, and most websites are not being open about how and when they are dealing with this issue. Your best course of action here is to monitor all of your various accounts very closely for the next month. Take action as needed to keep yourself safe. ------------- I keep falling back to that as my stance. Most websites are not being really forthcoming on if they are affected or not. There have been two posted lists so far for websites that are being proactive in all this crap. IF you have anything with any of them, then yes change your passwords. If not, then fall back to my post above: Monitor and change in about 2-3 weeks or so. The big take away here (and honestly after the way a few other companies have been hacked in the last few months, this should be your permanent stance), is to NOT trust any of these companies to protect you or give you information on whats what. Plumbers Crack 1 Luke 23:34 'And Jesus said, "Father, forgive them, for they don't think it be like it is, but it do." Link to comment https://forevergaming.co.uk/forum/forums/topic/1183-heartbleed-bug/#findComment-31111 Share on other sites More sharing options...
Plumbers Crack 4,059 Posted April 15, 2014 Share Posted April 15, 2014 Thanks that's sound and clears it up as much as possible Thanks to Capn_Underpants for the artwork Link to comment https://forevergaming.co.uk/forum/forums/topic/1183-heartbleed-bug/#findComment-31120 Share on other sites More sharing options...
Sennex 1,903 Posted April 15, 2014 Share Posted April 15, 2014 Sorry I couldn't be more help man, its a really shitty situation for everyone to be honest. Luke 23:34 'And Jesus said, "Father, forgive them, for they don't think it be like it is, but it do." Link to comment https://forevergaming.co.uk/forum/forums/topic/1183-heartbleed-bug/#findComment-31121 Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now