‘Heartbleed’ Bug Exposes Passwords, Web Site Encryption Keys
-
Change your passwords folks
http://krebsonsecurity.com/2014/04/heartbleed-bug-exposes-passwords-web-site-encryption-keys/
-
@Hubtech said:
Change your passwords folks
http://krebsonsecurity.com/2014/04/heartbleed-bug-exposes-passwords-web-site-encryption-keys/
Ugh, the amount of stuff I'm going to have to update is staggering.
-
The exposed stuff I have is all not affected. I have not tested beyond that at this point.
-
Don't change your password on any system that isn't updated yet, or it will just get stolen again. There's a bunch of places that will tell you if a site is updated or not, including LastPass.
-
We actually have very little. Only one site found so far.
-
@Nic said:
Don't change your password on any system that isn't updated yet, or it will just get stolen again. There's a bunch of places that will tell you if a site is updated or not, including LastPass.
I'm not sure what the specific pointing out of LastPass is, but here's a link to their blog http://blog.lastpass.com/2014/04/lastpass-and-heartbleed-bug.html
According to them, your passwords were never in jeopardy because it's always pre encrypted before being sent over the internet, even thought it was going on SSL. -
@Dashrender said:
@Nic said:
Don't change your password on any system that isn't updated yet, or it will just get stolen again. There's a bunch of places that will tell you if a site is updated or not, including LastPass.
I'm not sure what the specific pointing out of LastPass is, but here's a link to their blog http://blog.lastpass.com/2014/04/lastpass-and-heartbleed-bug.html
According to them, your passwords were never in jeopardy because it's always pre encrypted before being sent over the internet, even thought it was going on SSL.No I mean LastPass will now check sites for you: http://blog.lastpass.com/2014/04/lastpass-now-checks-if-your-sites-are.html
-
@Nic said:
@Dashrender said:
@Nic said:
Don't change your password on any system that isn't updated yet, or it will just get stolen again. There's a bunch of places that will tell you if a site is updated or not, including LastPass.
I'm not sure what the specific pointing out of LastPass is, but here's a link to their blog http://blog.lastpass.com/2014/04/lastpass-and-heartbleed-bug.html
According to them, your passwords were never in jeopardy because it's always pre encrypted before being sent over the internet, even thought it was going on SSL.No I mean LastPass will now check sites for you: http://blog.lastpass.com/2014/04/lastpass-now-checks-if-your-sites-are.html
Aww.. yes Very cool of them! Scott even started a new page just for that.
