'Heartbleed' threat puts passwords, credit cards and other data at risk


Firearm & Gun Forum - FireArmsTalk.com > General Discussion Forums > The Club House > 'Heartbleed' threat puts passwords, credit cards and other data at risk

Old 04-09-2014, 04:00 AM   #1
Coffee! If you're not shaking, you need another cup
 
Bigcountry02's Avatar
 
Join Date: Jan 2009
Location: Southwest
Posts: 6,660
Liked 2040 Times on 1194 Posts
Likes Given: 4391

'Heartbleed' threat puts passwords, credit cards and other data at risk

Folks, read this article.

http://www.foxnews.com/tech/2014/04/08/heartbleed-threat-puts-passwords-credit-cards-and-other-data-at-risk/

Passwords, credit cards and other sensitive data are at risk after security researchers discovered a problem with an encryption technology used to securely transmit email, e-commerce transactions, social networking posts and other Web traffic.

Security researchers say the threat, known as Heartbleed, is serious, partly because it remained undiscovered for more than two years. Attackers can exploit the vulnerability without leaving any trace, so anything sent during that time has potentially been compromised. It's not known, though, whether anyone has actually used it to conduct an attack.

Researchers are advising people to change all of their passwords.

The flaw was discovered independently in recent days by researchers at Google Inc. and the Finnish security firm Codenomicon.

The breach involves SSL/TLS, an encryption technology marked by the small, closed padlock and "https:" on Web browsers to signify that traffic is secure. With the Heartbleed flaw, traffic was subject to snooping even if the padlock had been closed.

The problem affects only the variant of SSL/TLS known as OpenSSL, but that happens to be one of the most common on the Internet.

Researchers at Codenomicon say that OpenSSL is used by two of the most widely used Web server software, Apache and nginx. That means many websites potentially have this security flaw. OpenSSL is also used to secure email, chats and virtual private networks, which are used by employees to connect securely with corporate networks.

Despite the worries, Codenomicon said many large consumer sites don't have the problem because of their "conservative choice" of equipment and software. "Ironically smaller and more progressive services or those who have upgraded to (the) latest and best encryption will be affected most," the security firm added.

A fix came out Monday, but affected websites and service providers must install the update.

Yahoo's Tumblr blogging service uses OpenSSL. In a blog post Tuesday, officials at the service said they had no evidence of any breach and had immediately implemented the fix.

"But this still means that the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit," Tumblr's blog post read. "This might be a good day to call in sick and take some time to change your passwords everywhere — especially your high-security services like email, file storage, and banking, which may have been compromised by this bug."

Yahoo Inc. said its other services, including email, Flickr and search, also have the vulnerability. The company said some of the systems have already been fixed, while work is being done on the rest of Yahoo's websites.

The company reiterated its standard recommendation for people to change passwords regularly and to add a backup mobile number to the account. That number can be used to verify a user's identity if there are problems accessing the account because of hacking.



__________________
Bigcountry02 is offline  
 


Old 04-09-2014, 04:44 AM   #2
 
boatme98's Avatar
 
Join Date: Feb 2008
Location: Mid Tennessee
Posts: 3,922
Liked 2118 Times on 1351 Posts
Likes Given: 1217


I've just never believed that anything on the web is secure. Ever.
There is always somebody, somewhere, cracking anything that comes along.
People that believe the internet is secure are just living in a fool's paradise.



__________________

Gone turducken huntin'

boatme98 is offline  
 
Old 04-10-2014, 06:02 AM   #3
 
Bigcountry02's Avatar
 
Join Date: Jan 2009
Location: Southwest
Posts: 6,660
Liked 2040 Times on 1194 Posts
Likes Given: 4391


Some additional information. I wonder if the servers of web sites will fix this problem?

http://www.theblaze.com/stories/2014/04/09/heartbleed-how-the-net-bug-that-caught-tech-experts-by-surprise-affects-you/

• This week web experts discovered a huge flaw in the security software used by millions of Web sites — including many banks, e-mail and social media services.

• While it is a serious concern for all web users, individual Internet users cannot take direct steps to fix the bug; it exists on Internet servers.

• If a site you use is still vulnerable, any hacker who understands how to exploit the weakness will have access to names and passwords, email and message content — truly any data shared over the supposedly secure connection.

• This does not mean your information has already been affected or stolen, but it does mean your personal information is vulnerable to theft until the code fix is applied to each affected server.

__________________
Bigcountry02 is offline  
 
Old 04-11-2014, 05:43 PM   #4
Administrator
 
Shooter's Avatar
 
Join Date: Mar 2011
Posts: 571
Liked 245 Times on 119 Posts
Likes Given: 76


It's fixed on our end.

Shooter is offline  
Bigcountry02 Likes This 
Old 04-11-2014, 06:01 PM   #5
 
Join Date: Nov 2012
Location: North Carolina
Posts: 6,624
Liked 2208 Times on 1517 Posts
Likes Given: 820


The only way to be safe from this exploit is to change your passwords on a regular basis. There is going to be some delay in the installation of the fix. I plan to start changing my passwords every month.

I also got a credit monitoring service. If you have a Target credit/debit card you can get a year of credit monitoring for free until 4/30/14.

__________________
John_Deer is offline  
 
Old 04-11-2014, 11:47 PM   #6
 
Yunus's Avatar
 
Join Date: Jan 2009
Location: |,Maryland
Posts: 4,970
Liked 1246 Times on 737 Posts
Likes Given: 395


Yes, this problem will be fixed. SSL is integral to a secure internet and this is NOT a flaw in SSL but a flaw in a particular program that used it... but it was one of the most popular programs around.

The downside to this exploit is that normally you can be safe because unless someone targets YOU then it's a non-issue. But this thing potentially gave access to THE private cert that sites used. If a site were compromised and then patched but doesn't get a new cert, it's like seeing someone broke into your house and you fixed the door but didn't change the lock.



__________________

"Good people drink good beer."
Hunter S. Thompson

Yunus is online now  
 
Reply
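Added example, not part of any post in this thread: a small triage script for the point made in post #6, that a patched server still needs a new certificate and key. It assumes the "Monday" fix date in the quoted article means 7 April 2014, that every host listed ran the affected software, and that the host names and key identifiers in the inventory are constructed placeholders.

```python
import socket
import ssl
from datetime import datetime, timezone

# Assumption: "A fix came out Monday" in the article dated 2014-04-08
# is read as Monday 7 April 2014 (UTC).
FIX_RELEASED = datetime(2014, 4, 7, tzinfo=timezone.utc).timestamp()


def fetch_not_before(host, port=443, timeout=5):
    """Return the live certificate's notBefore string (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notBefore"]


def classify(not_before, key_id_now, key_id_during_exposure):
    """Classify one server by certificate issue date and public-key identity."""
    issued = ssl.cert_time_to_seconds(not_before)
    if issued < FIX_RELEASED:
        # Certificate predates the fix: the key in use may have been readable.
        return "OLD_CERT"
    if key_id_now == key_id_during_exposure:
        # New certificate wrapped around the same key: door fixed, lock unchanged.
        return "REISSUED_SAME_KEY"
    return "REKEYED"


# Constructed inventory: (host, notBefore in getpeercert() format,
# current public-key id, public-key id recorded while the server was exposed).
INVENTORY = [
    ("shop.example", "Jan 15 00:00:00 2013 GMT", "key-A", "key-A"),
    ("mail.example", "Apr 10 00:00:00 2014 GMT", "key-B", "key-B"),
    ("forum.example", "Apr 11 00:00:00 2014 GMT", "key-D", "key-C"),
]


def triage(inventory=INVENTORY):
    """Map each host to its remediation status."""
    return {host: classify(nb, now, old) for host, nb, now, old in inventory}


if __name__ == "__main__":
    for host, verdict in triage().items():
        print(f"{host:15} {verdict}")
```

Only `REKEYED` hosts have changed the lock; the old certificate should also be revoked so a copied key cannot be used to impersonate the site.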
