Critical Security Bug 'Heartbleed' Hits Up To 66 Percent Of The Internet

http://www.huffingtonpost.com/2014/04/08/heartbleed-66-percent_n_5112793.html?utm_hp_ref=technology

Prince also put in a word of comfort: "Heartbleed is so serious -- it's such a big, bad event -- that almost every major service is scrambling to clean it up as quickly as possible." He estimated that most currently vulnerable websites will be "patched" by the end of the week.
Though a number of major websites have already been patched, others, including OKCupid, Flickr, Imgur and Yahoo.com, reportedly remain vulnerable to Heartbleed.
Users can test if their favorite websites are vulnerable here, though this service is reportedly not 100 percent reliable. Vulnerable sites should not be logged into until they're patched -- check those sites' blogs or Twitter feeds for updates -- and once a website has its patch in place, you should change your password for that site as soon as possible.
Erich Bloodaxe BSN
(14,733 posts)
The version of OpenSSL running on my server is not one of the versions listed as being vulnerable to the Heartbleed issue, thankfully.
Warren DeMontague
(80,708 posts)
And in that case, the thing to do would be to change it and make sure you're not using the SAME password at other sites.
ashling
(25,771 posts)
Do I need to change my password here?
ashling
(25,771 posts)
When I first heard of this I asked the tech chief at the college where I teach.
They do not use OpenSSL there either.
Warren DeMontague
(80,708 posts)
The difference between an encrypted web connection and a non-encrypted one can be seen in the beginning of the URL: "http" for non, "https" for encrypted.
If security in that regard is a concern to you (like, you're constantly logging in and out of DU and as such sending your password back and forth), you might want to consider using a different password for DU than the one you use, for instance, at the bank.
Edited to add: Also probably moot if your DU username isn't related to your bank username, etc.
Xithras
(16,191 posts)
Heartbleed only impacts Linux-based servers running OpenSSL 1.0.0 or 1.0.1. It doesn't impact servers from Microsoft or Sun at all. Linux and Unix servers running OpenSSL competitors such as GnuTLS and JSSE are also not impacted. Also, as 1.0 was a major upgrade and didn't start gaining traction until mid-2012, a vast number of Linux/Apache web servers are still running the older 0.9.8 rev and aren't impacted by this.
When we scanned our datacenter and our clients' servers for the vulnerability yesterday, we found that a relatively small percentage of our Linux servers were vulnerable, and all were newer servers implemented in the past 18 months (in fact, all but one were Ubuntu 12.04 LTS installs). The vast majority of our servers were either running 0.9.8 or were running JSSE.
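
A version-string triage of the kind an inventory scan like the one described above can start from, as an added example that is not part of the thread or any poster's tooling. It assumes the affected range from the OpenSSL project's advisory (1.0.1 through 1.0.1f, plus 1.0.2-beta1); `triage`, the host names and the `openssl version -a` output are hypothetical, constructed samples.

```python
import re
from datetime import date, datetime

# Assumption: range taken from the OpenSSL advisory, not from this thread.
# 1.0.1g (released 7 Apr 2014) carries the fix; 0.9.8 and 1.0.0 lack the heartbeat code.
FIX_DATE = date(2014, 4, 7)
VERSION_RE = re.compile(r"OpenSSL (\d+\.\d+\.\d+)([a-z]*)(-beta\d+)?")
BUILT_RE = re.compile(r"built on: \w{3} (\w{3}) +(\d+) [\d:]+ \w+ (\d{4})")


def in_affected_range(base, letter, beta):
    if base == "1.0.1":
        return letter <= "f"  # "" (plain 1.0.1) sorts before "a"
    return base == "1.0.2" and beta == "-beta1"


def triage(version_output):
    """Classify the text printed by `openssl version -a` on one host."""
    m = VERSION_RE.search(version_output)
    if not m:
        return "unknown"
    base, letter, beta = m.group(1), m.group(2), m.group(3) or ""
    if not in_affected_range(base, letter, beta):
        return "not-affected"
    # Distributions backport the fix without changing the upstream version
    # string, so an in-range version built on or after the fix date needs a
    # package-level check against the vendor advisory, not a verdict here.
    b = BUILT_RE.search(version_output)
    if b:
        built = datetime.strptime(" ".join(b.groups()), "%b %d %Y").date()
        if built >= FIX_DATE:
            return "check-backport"
    return "vulnerable"


# Constructed sample inventory (hypothetical hosts and output).
SAMPLES = {
    "web-old": "OpenSSL 0.9.8k 25 Mar 2009\nbuilt on: Wed Feb 27 18:12:01 UTC 2013",
    "web-new": "OpenSSL 1.0.1e 11 Feb 2013\nbuilt on: Tue Jan  7 09:30:00 UTC 2014",
    "lts-patched": "OpenSSL 1.0.1 14 Mar 2012\nbuilt on: Mon Apr  7 20:33:29 UTC 2014",
    "upstream-fixed": "OpenSSL 1.0.1g 7 Apr 2014",
}

if __name__ == "__main__":
    for host, text in SAMPLES.items():
        print(f"{host:15} {triage(text)}")
```

A "check-backport" result means the version string alone cannot settle the question; compare the installed package version with the distribution's security notice.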