Heartbleed: Who Was Affected, What to Do Now

[Guest]

Worried about the Heartbleed bug affecting millions of websites? Here's a step-by-step guide on what you can do to protect yourself.

Heartbleed: Who Was Affected, What to Do Now : Read more

 

[JMcEntegart]

Great post!!

 

[SinxarKnights]

Mojang, makers of Minecraft, Scrolls and Cobalt was affected as well.

 

[bebangs]

should i panic?

 

[SinxarKnights]

should i panic?

Couldn't hurt.

 

[ddpruitt]

The explanation you linked to has some technical inaccuracies (for one it's not the malloc that causes the problem, it's the actual copy a few lines down). The error is your standard unchecked unsafe memcopy operation. Basically an attacker can read up to 64Kib of the SSL server, whatever happens to be stored there is the attackers (even server password files). You also shouldn't change passwords on a website until the certs are updated, otherwise your new password might be compromised too. You should also change all of your passwords. As pointed out, even if a frontend system isn't vulnerable something on the backend might be. Last time I had my password compromised (KickStarter) I switched to using a password manager, it makes these things much easier to deal with.

 

[teh_chem]

2nd factor authentication is the easiest thing everyone can do to help secure their accounts--that should be at the very top of the list, after notifying people of the affected services. Disappointing to see it buried in the middle, despite good info in this post.

 

[slm34]

Walmart tests vulnerable as of today, 12:30PM EST, 10Apr2014

 

[slm34]

Walmart tests vulnerable as of today, 12:30PM EST, 10Apr2014

A few minutes before, perhaps 12:28PM EST, the filippo.io test showed walmart.com as Vulnerable, I tested it again, as last night I received the "Uh-oh, something went wrong: ..." response from the filippo.io test. It again came back "Vulnerable". After posting to this site, I again tested it, and it came back like last night: "Uh-oh, something went wrong...broken pipe..." which in their FAQ is further described, including..." This error means that I can't tell if the server is vulnerable (probably not)."

For this site, I would not assume all is well until the "something went wrong" response clears....

 

[arseniosantos]

I checked chase.com on Tuesday morning, and it _was_ listed as vulnerable up until around 11:00am PDT.

 

[Tom Tancredi]

Hey Tom's Hardware, HOW about someone test SecondLife and see if they suffer from the issue? Curious if the application clients can be susceptible as well.

 

[bugmenotplz]

That Netcraft's Site Report tool doesn't seem to work. I don't see "Supported TLS Extensions" anywhere on the page. I tried it on sites that were definitely affected by Heartbleed, such as yahoo and tumblr but still nothing.

 

[ckaspereli]

The pathological liars at the NSA should've known about this and let the public know but they are
either incompetent and/or as we've found recently, utterly and contemptuously
untrustworthy. The clueless immoral SOB's that run the incestuous
CIA/NSA complex are solely interested in the billions of dollars they get to
spend that allows them to arrogantly strut and prance about and baldly
lie to congress fabricating bogus claims of national top secrecy ad
nauseum.

 

[ckaspereli]

The pathological screwball liars at the NSA should've known about this issue 2 years ago and let the public know but they were evidently too busy spending hard-earned tax-payer's money on equipment to spy on us and hence are flagrantly incompetent and/or as we've found recently, utterly and contemptuously untrustworthy. The clueless immoral SOB's that run the incestuous CIA/NSA complex are solely interested in the billions of dollars they get to spend that allows them to arrogantly strut and prance about and baldly lie to congress fabricating bogus claims of national top secrecy ad nauseum.