Page 1 of 2

Heartbleed PSA

Posted: Thu Apr 10, 2014 1:17 pm
by Darkfoxx
Just wanted to pass this along to you guys. Not sure if you're aware, but one of the biggest exploits (codename: ) in recent times was found this past week with OpenSSL. Audits have revealed that the vulnerability was active for at least five months before it was discovered and published. This piece of software is responsible for the "https://" you see in your address bar when visiting a secure site.

I've been fixing vulnerable servers at work and my boss and I came across this list of sites that are still vulnerable.

https://github.com/musalbas/heartbleed- ... op1000.txt

If you use one of those sites (and even ones that are no longer vulnerable...like Google, Facebook, etc) you should change your password.

Just FYI. Knowledge is power...and all that. :thumbsup:

Re: Heartbleed PSA

Posted: Thu Apr 10, 2014 2:11 pm
by Jif

Re: Heartbleed PSA

Posted: Thu Apr 10, 2014 3:18 pm
by Darkfoxx

Re: Heartbleed PSA

Posted: Thu Apr 10, 2014 4:22 pm
by Harness
So it's stealing passwords from home PC's or from servers?

Re: Heartbleed PSA

Posted: Fri Apr 11, 2014 8:52 am
by Jif

Re: Heartbleed PSA

Posted: Fri Apr 11, 2014 8:59 am
by Jif
FYI i see Steamcommunity.com in that list as vulnerable. does that mean our steam accounts themselves may be compromised?

Re: Heartbleed PSA

Posted: Fri Apr 11, 2014 9:35 am
by Jif
http://heartbleed.com/
great reference that answers most questions.

just spoke to a friend who's a programmer for Chase. He said it's been defcon V all week.

Re: Heartbleed PSA

Posted: Fri Apr 11, 2014 9:41 am
by Darkfoxx

Re: Heartbleed PSA

Posted: Fri Apr 11, 2014 9:51 am
by Jif

Re: Heartbleed PSA

Posted: Fri Apr 11, 2014 10:38 am
by Jif

Re: Heartbleed PSA

Posted: Fri Apr 11, 2014 11:35 am
by dun dun dun... chips
imo, this shouldve been done as hush-hush as possible until the bug is fixed. all this attention before its actually fixed just gives people with black hearts the time to learn and fuck shit up.
shouldve fixed it first, tried to keep it under the radar as much as possible, then after the exploit is done said hey, we just fixed this shit, probably want to change your passwords.

Re: Heartbleed PSA

Posted: Fri Apr 11, 2014 12:29 pm
by Darkfoxx

Re: Heartbleed PSA

Posted: Fri Apr 11, 2014 1:26 pm
by dun dun dun... chips

Re: Heartbleed PSA

Posted: Fri Apr 11, 2014 2:36 pm
by Jif

Re: Heartbleed PSA

Posted: Fri Apr 11, 2014 8:08 pm
by Harness