 |
 | Search this Thread |
| 04-09-2014, 09:27 PM | #1 |
| "Heartbleed" internet bug | |
| 04-09-2014, 09:32 PM | #2 |
 Originally posted by Alliecat  Some lovely news from the internet... (<--sarcasm) This was on CBC news tonight, & is on some other reputable news sites, so it isn't one of those virus hoaxes. Basically it seems that people should be changing passwords to anything they want to keep private, but maybe not right away until sites fix the problems. I know a lot of groups have rules about not posting virus warnings, but since this one does seem to be legit & widespread, I hope it's ok to post here. http://www.businessinsider.com/heartblee...ner-2014-4 http://www.cnet.com/news/how-to-protect-...bleed-bug/ snopes.com: Heartbleed Changing passwords is a good idea, but an even better deterrent would be to simply avoid logging in to sites that ask for sensitive information for the next few months, unless absolutely necessary. The vulnerability they are talking about leads to the possibility of eavesdropping, where a malicious hacker might be able to see the data you're transmitting over a connection otherwise labeled as secure. Affected sites will need to a. patch the vulnerability and b. get new SSL certificate keys to prevent future eavesdropping in case some did manage to get through earlier. Since we're talking security one thing I'd recommend is to never use the same password twice anywhere on the net. That'll prevent multiple accounts from being compromised in case someone sees your password. Adam PentaxForums.com Webmaster (Site Usage Guide | Site Help | My Photography)    PentaxForums.com server and development costs are user-supported. You can help cover these costs by donating or purchasing one of our Pentax eBooks. Or, buy your photo gear from our affiliates, Adorama, B&H Photo, KEH, or Topaz Labs, and get FREE Marketplace access - click here to see how! Trusted Pentax retailers:    | |
| 04-10-2014, 05:21 AM | #3 |
| 04-10-2014, 08:32 AM | #4 |
| 04-10-2014, 09:05 AM | #5 |
| 04-10-2014, 09:22 AM | #6 |
|
A few points: This is a discovered vulnerability in some software that encrypts data sent to "https:", which can be pretty well anything that involves financial transactions. At this point, it is a hypothetical threat, although it doesn't require a virus to be installed on the compromised server, so we really don't have any way of knowing if this vulnerability has been exploited for evil yet. It doesn't retrieve stored passwords, but if someone can get a copy of the data you send over the Internet to "secure" webpages, that data (including any passwords you entered) can be decrypted and read; so a hacker has to have access to both the server and the network the server is connected to. Which, unfortunately, is not as difficult as you might think. Most, if not all, of the popular web services have been compromised in the past, including Facebook and Hotmail, and there is a good probability that the password(s) you use to access those services is in the hands of someone else. If you want to be able to access services from a variety of computers and devices, password vaults are a real PITA, so you need to keep your passwords in your head or within reach. My suggestion is pick a password that you don't use for any banking or automatic credit card billing, and set every social network password to it. It will probably get stolen, but we all need a good excuse for slanderous and embarrassing Facebook posts, so when your account gets hacked, it's not the end of the world. Then change your password for every bank account and automatic online payment to something you haven't used in the past. Use at least two different passwords for web services where there is real money at risk, so only half of your accounts are vulnerable at a time. Finally, pick another password that you have never used before, and never use it where spouses, kids, co-workers, etc. can see your fingers on the keyboard. Save that password for when one of your other passwords have been compromised, and you need to fix the damage. Trust absolutely no one with that password. No matter how honest or reliable someone is, they can still be careless. That means you only have to remember four passwords, so you shouldn't need to write down your passwords on a sticky note, and if you get in an emergency where you need to access an online account, you don't need to worry about keeping that note with you at all times. ---------- Post added 04-10-14 at 10:39 AM ---------- Originally posted by wombat2go openssh is said to not be affected | |
| 04-10-2014, 10:09 AM | #7 |
|
I do what I can to be safe on the net, but my biggest concern is squirrels eating into my phone and cable lines. AT&T just replaced 500 feet of phone line here...for the 2nd time in two years. It had a gazillion holes in it where squirrels had sharpened their teeth and sampled the tasty colored wires. The crew replacing the lines said someone must be feeding the damn rodents, the ones he saw were almost too fat to walk the phone & cable lines......I assured him I would keep an eye out for any such person and report them immediately.  I can see where a couple of these could cause sever line sag........   Regards!  | |
|
| Bookmarks |
| Tags - Make this thread easier to find by adding keywords to it! |
| access, account, computer, data, password, passwords, server, services |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Optical differences between Pentax "K", "M", and "A" lenses | 6BQ5 | Pentax SLR Lens Discussion | 31 | 01-10-2014 01:02 PM |
| Don't say Pentax "Q" in French ... "Q" = "cul" = "A--" | Jean Poitiers | Pentax Q | 52 | 11-10-2013 06:25 AM |
| "Live Security Platinum" virus :( | Alliecat | General Talk | 5 | 09-23-2012 09:56 PM |
| Suggestion Add subsections to the "Nature" option in "Post Your Photos" | jpzk | Site Suggestions and Help | 2 | 07-22-2012 12:04 PM |
| Virus and "OEM Restore Disc" | Duh_Vinci | General Talk | 25 | 12-14-2008 12:01 PM |
