Log in

View Full Version : "Heartbleed" security bug: security breach on possibly 66% of the entire internet

sqishy
April 10th, 2014, 03:08 PM
CVE-2014-0160

I won't say much as it's new to me, but after seeing some websites and news and password change and double authentication recommendations, I'll give you a few links to show what as just happened through up to 66% of the whole internet.

1: http://heartbleed.com/ [don't worry this is not the website for where the bug is, it's a website made specifically to give information about it]

2: http://www.bbc.com/news/technology-26971363

3: http://www.bbc.com/news/technology-26969629

4: http://www.washingtonpost.com/news/morning-mix/wp/2014/04/09/major-bug-called-heartbleed-exposes-data-across-the-internet/

5: http://abcnews.go.com/Business/heartbleed-online-bug/story?id=23256168

6: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

7: http://filippo.io/Heartbleed/


As said 2 posts after this one, there's no need to change your password on VT.

Don't use the red color. -Albert/Hypers
ksdnfkfr
April 10th, 2014, 03:16 PM
I'll let my folks know as I don't have anything worth hacking. Although if I suddenly start posting advertising spam you'll know why.
LunarScorpio
April 10th, 2014, 03:21 PM
VT doesn't use SSL so it is fine.

Password changing.... Yes and no. Yes if the site was vulnerable and the SSL has been updated and its certificate reissued. If it is still vulnerable, then changing your password just gives it to anyone watching the connection.

And it is not a computer virus, just a security vulnerability
sqishy
April 10th, 2014, 03:26 PM
VT doesn't use SSL so it is fine.

Password changing.... Yes and no. Yes if the site was vulnerable and the SSL has been updated and its certificate reissued. If it is still vulnerable, then changing your password just gives it to anyone watching the connection.

And it is not a computer virus, just a security vulnerability

On the password changing, one of the links can verify if a website address is okay or not, I'm not at all saying that people should change all their passwords, but some just in case.

Yeah I sould change that, bug and virus keep getting mixed up, I'm don't know loads about this stuff. I sit corrected.
Gamma Male
April 10th, 2014, 03:44 PM
I'd normally take this opportunity to gloat about having the nearly impenetrable Linux, but if I'm not mistaken this is more of a serverside/ networking issue.
LunarScorpio
April 11th, 2014, 10:50 AM
CVE-2014-0160

As said 2 posts after this one, there's no need to change your password on VT.[/COLOR]



I stand by what I said earlier, however I should also mention that if you use the same password on another site/email service that does use SSL, and could have been vulnerable, then it is worth changing your password
sqishy
April 11th, 2014, 03:47 PM
I stand by what I said earlier, however I should also mention that if you use the same password on another site/email service that does use SSL, and could have been vulnerable, then it is worth changing your password

Yes.