Online Defense (Heartbleed Bug)

Online Defense (Heartbleed Bug)

This is a discussion on Online Defense (Heartbleed Bug) within the Home (And Away From Home) Defense Discussion forums, part of the Related Topics category; Some of you may be aware of a new security vulnerability that popped up on the web this weekend. It's called the Heartbleed bug and ...

Results 1 to 9 of 9
Like Tree6Likes
  • 2 Post By ElMonoDelMar
  • 1 Post By kb2wji
  • 1 Post By OutWestSystems
  • 1 Post By ElMonoDelMar
  • 1 Post By OutWestSystems

Thread: Online Defense (Heartbleed Bug)

  1. #1
    Senior Member Array ElMonoDelMar's Avatar
    Join Date
    Jun 2006
    Location
    Champaign, Illinois
    Posts
    647

    Online Defense (Heartbleed Bug)

    Some of you may be aware of a new security vulnerability that popped up on the web this weekend. It's called the Heartbleed bug and affects all websites that use OpenSSL. This includes many sites that take any form payment or store private information.

    I know we have a lot of folks on this site that may not be very tech savvy so I wanted to pass this information on. This article below explains more information about the vulnerability.

    How to protect yourself from the 'Heartbleed' bug - CNET

    Fortunately, the fix is simple. Once the affected website updates their SSL certificate, you should immediately change your password. This link below will allow you to check whether the site in question has updated their SSL cert. Changing your password before the cert is updated will not help.

    https://lastpass.com/heartbleed/

    I know we do have some tech geeks on the board so if anyone needs help with updating any of their passwords or figuring out if sites they frequent have been compromised, please post in this thread. I will keep an eye out for responses and I'm sure others will too.
    Last edited by ElMonoDelMar; April 10th, 2014 at 10:26 AM. Reason: Updated incorrect information
    Old Sarge and StormRhydr like this.


  2. #2
    Senior Member Array kb2wji's Avatar
    Join Date
    Mar 2010
    Location
    Tennessee
    Posts
    1,093
    Good info, thanks. Take out the "www" when you use that lastpass site, otherwise it wont recognize the site.

    I think my DC Forum account was compromised. Every stupid thing I've said on here wasn't me, I swear. Wait, this isn't a secure site. Now I got nothin.
    gasmitty likes this.

  3. #3
    Senior Member Array SgtRick's Avatar
    Join Date
    Mar 2012
    Location
    Republic of Texas, Afghanistan
    Posts
    585
    Its the NSA I bet.

    USMC Shooting Team
    Distinguished Pistol Shot Badge - 1986
    Texas CHL since 1996.

    Iraq 2004 to 2011.
    Afghanistan 2012 to present.

  4. #4
    VIP Member Array OutWestSystems's Avatar
    Join Date
    Apr 2013
    Location
    Colorado Springs, CO
    Posts
    2,171
    Quote Originally Posted by ElMonoDelMar View Post
    Some of you may be aware of a new security vulnerability that popped up on the web this weekend. It's called the Heartbleed bug and affects virtually all websites that use secure https. This includes almost all sites that take any form payment or store private information.
    Sorry but that is just not true, only sites that use OpenSSL are effected and that does not include the vast majority of large retail sites.
    Rock and Glock likes this.

  5. #5
    Senior Member Array ElMonoDelMar's Avatar
    Join Date
    Jun 2006
    Location
    Champaign, Illinois
    Posts
    647
    Quote Originally Posted by OutWestSystems View Post
    Sorry but that is just not true, only sites that use OpenSSL are effected and that does not include the vast majority of large retail sites.
    Changes made to OP to fix my mistake. A lot of sites I regularly use are popping up as vulnerable. I assumed the problem was much more widespread.

    Also, OWS is one of the tech geeks that I was referring to in my OP. He can answer any questions relating to this much better than I can.
    Rock and Glock likes this.

  6. #6
    VIP Member Array OutWestSystems's Avatar
    Join Date
    Apr 2013
    Location
    Colorado Springs, CO
    Posts
    2,171
    Quote Originally Posted by ElMonoDelMar View Post
    Changes made to OP to fix my mistake. A lot of sites I regularly use are popping up as vulnerable. I assumed the problem was much more widespread.

    Also, OWS is one of the tech geeks that I was referring to in my OP. He can answer any questions relating to this much better than I can.
    The problem with a LOT of the anti-spyware stuff is they are looking for SSL and saying it may be vulnerable instead of looking for that specific version of OpenSSL. So just because it says a site is vulnerable does not make it true.

    So what can you do?

    1. Change your passwords. Now you should be doing this every three months anyways (very few people do) just to make sure you stay protected.

    2. Make your passwords impossible to guess. Include capital letters (not at the start), numbers and symbols. Do not use any personal information in your password, no birthdays, ssn, address or phone numbers.

    3. Only give personal information when REQUIRED. Many sites ask for stuff they don't really need to know, don't give it to them.
    Rock and Glock likes this.

  7. #7
    Member Array Sarge65's Avatar
    Join Date
    Nov 2012
    Location
    Florida's Emerald Coast
    Posts
    176
    Quote Originally Posted by OutWestSystems View Post
    Sorry but that is just not true, only sites that use OpenSSL are effected and that does not include the vast majority of large retail sites.
    More specifically, OpenSSL 1.0.1 thru 1.0.1f. Version 1.0.01g is secure.
    The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants. It is it's natural manure. - T. Jefferson

  8. #8
    VIP Member
    Array OldVet's Avatar
    Join Date
    Nov 2009
    Location
    Hiding inside a bottle of Jim Beam Black.
    Posts
    17,331
    More specifically than the more specifically, I don't do online finances. Can't trust that internet thingie.
    Retired USAF E-8. Lighten up and enjoy life because:
    Paranoia strikes deep, into your heart it will creep. It starts when you're always afraid... "For What It's Worth" Buffalo Springfield

  9. #9
    VIP Member Array OutWestSystems's Avatar
    Join Date
    Apr 2013
    Location
    Colorado Springs, CO
    Posts
    2,171
    Quote Originally Posted by OldVet View Post
    More specifically than the more specifically, I don't do online finances. Can't trust that internet thingie.
    Even though YOU don't trust that internet thingie, your bank does. Also pretty much any company that you do business does.

Sponsored Links

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •