Page 1 of 2
Heartbleed PSA
Posted: Thu Apr 10, 2014 1:17 pm
by Darkfoxx
Just wanted to pass this along to you guys. Not sure if you're aware, but one of the biggest exploits (codename: ) in recent times was found this past week with OpenSSL. Audits have revealed that the vulnerability was active for at least five months before it was discovered and published. This piece of software is responsible for the "https://" you see in your address bar when visiting a secure site.
I've been fixing vulnerable servers at work and my boss and I came across this list of sites that are still vulnerable.
https://github.com/musalbas/heartbleed- ... op1000.txtIf you use one of those sites (and even ones that are no longer vulnerable...like Google, Facebook, etc) you should change your password.
Just FYI. Knowledge is power...and all that.
Re: Heartbleed PSA
Posted: Thu Apr 10, 2014 2:11 pm
by Jif
Re: Heartbleed PSA
Posted: Thu Apr 10, 2014 3:18 pm
by Darkfoxx
Re: Heartbleed PSA
Posted: Thu Apr 10, 2014 4:22 pm
by Harness
So it's stealing passwords from home PC's or from servers?
Re: Heartbleed PSA
Posted: Fri Apr 11, 2014 8:52 am
by Jif
Re: Heartbleed PSA
Posted: Fri Apr 11, 2014 8:59 am
by Jif
FYI i see Steamcommunity.com in that list as vulnerable. does that mean our steam accounts themselves may be compromised?
Re: Heartbleed PSA
Posted: Fri Apr 11, 2014 9:35 am
by Jif
http://heartbleed.com/great reference that answers most questions.
just spoke to a friend who's a programmer for Chase. He said it's been defcon V all week.
Re: Heartbleed PSA
Posted: Fri Apr 11, 2014 9:41 am
by Darkfoxx
Re: Heartbleed PSA
Posted: Fri Apr 11, 2014 9:51 am
by Jif
Re: Heartbleed PSA
Posted: Fri Apr 11, 2014 10:38 am
by Jif
Re: Heartbleed PSA
Posted: Fri Apr 11, 2014 11:35 am
by dun dun dun... chips
imo, this shouldve been done as hush-hush as possible until the bug is fixed. all this attention before its actually fixed just gives people with black hearts the time to learn and fuck shit up.
shouldve fixed it first, tried to keep it under the radar as much as possible, then after the exploit is done said hey, we just fixed this shit, probably want to change your passwords.
Re: Heartbleed PSA
Posted: Fri Apr 11, 2014 12:29 pm
by Darkfoxx
Re: Heartbleed PSA
Posted: Fri Apr 11, 2014 1:26 pm
by dun dun dun... chips
Re: Heartbleed PSA
Posted: Fri Apr 11, 2014 2:36 pm
by Jif
Re: Heartbleed PSA
Posted: Fri Apr 11, 2014 8:08 pm
by Harness