Please Share Around: So, you may or may not have heard about "Heartbleed". A significant proportion[1], possibly 2/3rds of all "secure" web servers out there, are currently essentially insecure (could be snooped on by anyone on the Internet), and this may have been the case since Mar 2012. The bug was publicly announced on 7th of April 2014.
Comments 14
Seem to be getting a lot of timeout and broken pipe errors.
Otherwise, I can't find a single site that is affected that I log into (not that there are many).
So, yay!
Is there really a need to change all my passwords though?
That would be quite painful. Not as painful as having my data stolen, but painful.
Reply
However, that's a large list, and there's no comprehensive list of them that I've found yet. :-/
github.com
yahoo.com
are some notable big ones. Another partial list:
http://blog.lastpass.com/2014/04/lastpass-now-checks-if-your-sites-are.html
... :-(
Reply
I'm hoping they will tell me.
I guess I may as well change my bank password again.
Damnit. I'm getting old. I can't remember all these passwords (and I dislike pw programs).
Reply
1. You can't possibly remember individual site passwords for however many sites you have
2. If you don't randomly generate the password, it's pretty much almost certainly crackable by most password cracking tools, so if the password file ever leaks, any non-randomly generated password probably will be cracked.
http://lastpass.com/ comes fairly well recommended as well, and their response to this situation has been quite good. I prefer OnePassword, as mentioned in the OP, but they're more expensive.
ETA: Or, really, get a little black book, randomly generate passwords using something, and write them down. It's more secure than non-unique passwords.
Reply
https://github.com/musalbas/heartbleed-masstest/blob/b72a87558bfe37cd40327ec8b72386a2a2b99c69/README.md#627-of-the-top-10000-sites-appeared-vulnerable-on-april-8-1600-utc
Reply