Featured News You need to act - Heartbleed bug

Discussion in 'Green Room' started by American Zombie, Apr 11, 2014.

  1. American Zombie

    American Zombie Moderator Staff Member Political User

    Heartbleed is a security bug in the open-source OpenSSL cryptography library, widely used to implement the Internet's Transport Layer Security (TLS) protocol. This vulnerability results from a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension, the heartbeat being behind the bug's name. A fixed version of OpenSSL was released on April 7, 2014, at the same time as Heartbleed was publicly disclosed. At that time, some 17 percent (around half a million) of the Internet's secure web servers certified by trusted authorities were believed to be vulnerable to the attack, allowing theft of the servers' private keys and users' session cookies and passwords. (Heartbleed - Wikipedia, the free encyclopedia)

    Here is a listed of places that are or were affected by the Heartbleed bug.

    If something you use is on the list and their services have been patched you may want to change your password.
    If they have not yet patched yet it will do no good to change your password so wait for that service/site to be patched then change password.
    For example, Gmail was affected but is now patched so you should probably change your gmail password.

    More details are in the following link:
    :view: The Heartbleed Hit List: The Passwords You Need to Change Right Now
    Last edited by a moderator: Apr 20, 2014