
Heartbleed Bug: Serious Hole in Internet Security

Sure they are. They are extremely difficult to access after the first request due to the contents of the memory being unpredictable, but it's possible. Heck, there are DoS attacks/exploits that could be used to force a reboot for a first request. Someone try sending that honeypot the ol', Win95 Ping of Death. 😉

😱
 
Sure they are. They are extremely difficult to access after the first request due to the contents of the memory being unpredictable, but it's possible. Heck, there are DoS attacks/exploits that could be used to force a reboot for a first request. Someone try sending that honeypot the ol', Win95 Ping of Death. 😉

I'm sure someone will try. You have to applaud Cloudflare's balls. If they're wrong it will be a very public mistake.
 
This bug and its publicity is a phisher's gift from heaven.

Phishing might become as much a nightmare entrapping people to give up their passwords as the actual hacking risk, as sites are sending out password alerts and fake alerts phishing for passwords are sure to follow soon.
 
I haven't gotten any spam yet, but this bug and its publicity is a phisher's gift from heaven.

Phishing might become as much a nightmare entrapping people to give up their passwords as the actual hacking risk, as sites are sending out password alerts and everyone now will feel compelled to change their passwords.


I swear, in recent days I've been receiving more SPAM than usual. Unfair to associate that to this thing, tho.

But, anyone who gets sucked into phishing mails, opens their attachments, gives any info at all, rather than reports them/forwards them to the company the hackers are trying to hack, at this point in time, should maybe not be online at all.

I know....harsh. But it's 2014. People should know by now.
 
I swear, in recent days I've been receiving more SPAM than usual. Unfair to associate that to this thing, tho.

But, anyone who gets sucked into phishing mails, open their attachments, give any info at all, rather than report them/forward them to the company the hackers are trying to hack, at this point in time, should maybe not be online at all.

I know....harsh. But it's 2014. People should know by now.

Well, we know people get caught in phishing...this is going to make it even easier for a certain population. Some people really only want to get into this 'digital sh!t' any further than they have to - email to keep in touch with family - and a few select sites, especially but not limited to the older generations. It is what it is.
 
Well, we know people get caught in phishing...this is going to make it even easier for a certain population. Some people really only want to get into this 'digital sh!t' any further than they have to - email to keep in touch with family - and a few select sites, especially but not limited to the older generations. It is what it is.

I am again starting to feel a little sheltered. 😳
 
No sh!t. At least the NSA prevented the Boston Marathon bombing tho. Oh wait...

Seriously, could anyone have prevented that horrific? And now, Russia is refusing to share data on when the now dead brother studied there. Read: was trained there.

I have good friends in Beantown.....and they don't think it could have been prevented either. These unimaginable events make us feel so vulnerable we often need to think a given event could have been precluded.

Truth is...MANY ARE precluded.

Quote: Originally Posted by Virgorising View Post I am again starting to feel a little sheltered. haha

I mean it. I fix everyone's computers, always tried to show them, empower them, and I always make it fun, cause it CAN BE FUN......I am still boggled by that nobody wants to learn. And these are mostly smart young professionals.

Re phishing mails, when very occasionally I get one---sometimes not even re a company I have ever dealt with---truth is, I feel insulted, given how obvious they are, and think "How dumb do you think we are?"
 
Seriously, could anyone have prevented that horrific? And now, Russia is refusing to share data on when the now dead brother studied there. Read: was trained there.

I have good friends in Beantown.....and they don't think it could have been prevented either. These unimaginable events make us feel so vulnerable we often need to think a given event could have been precluded.

Truth is...MANY ARE precluded.



I mean it. I fix everyone's computers, always tried to show them, empower them, and i always make it fun......I am still boggled by that nobody wants to learn. and these are mostly young professionals.

As for phishing mails, when I very occasionally get one---sometimes not even a company I have ever dealt with---it's obvious, and I even chuckle thinking how could anyone not get wut this is, it's so obvious, and soooo insulting to our intelligence.

I see people all the time that technology requires a part of their brain that simply doesn't seem to get blood. They could be brilliant in other areas tho. My mom, who's intelligent and artistic, but old, went out and bought the latest microsoft office because she couldn't open an email attachment she thought she needed (a .scr virus)...

There's no use trying to fight it - people are out there that don't have much patience, desire, and even capacity, for understanding technology, but that doesn't necessarily make them idiots (such as an english professor that can't do math or a math wiz that can't spell.)
 
I see people all the time that technology requires a part of their brain that simply doesn't seem to get blood. They could be brilliant in other areas tho. My mom, who's intelligent and artistic, but old, went out and bought the latest microsoft office because she couldn't open an email attachment she thought she needed (a .scr virus)..

OUCH! But I swear I don't think this ouch is age indigenous.

There's no use trying to fight it - people are out there that don't have much patience, desire, and even capacity, for understanding technology, but that doesn't necessarily make them idiots (such as an english professor that can't do math or a math wiz that can't spell.)

I guess I am. Still trying to fight it, I mean.

My take away in this is.....bottom line: the health of being passionately interested every nano! As I have come to and sometimes say, the definition of an interESTING person, is simply a person who is interESTED. I mean ingenuously, filled with wonder, apolitically....like a child before it learns to shut down and become some necrotic version of COOL.....as in old school Superheroes.
 
I'm part of a managed services team that supports dozens of clients, all with differing environments. How can I determine what exactly is affected? I know that's not an easy answer but is there a growing list of devices/software that is vulnerable, or what can I check for in particular?

This thing is a nightmare right now.
 
Maybe we could split this thread into one for info concerning the Heart Bleed bug and a second thread for discussing all the secret squirrel theories. That way folks interested in the bug could get useful info.
 
I'm part of a managed services team that supports dozens of clients, all with differing environments. How can I determine what exactly is affected? I know that's not an easy answer but is there a growing list of devices/software that is vulnerable, or what can I check for in particular?

This thing is a nightmare right now.

Sure seems like the publicity of this is causing virtually every company out there to make a statement about whether it is vulnerable or not.
 
Sure seems like the publicity of this is causing virtually every company out there to make a statement about whether it is vulnerable or not.

The problem is the amount of devices we employ across our many clients is not necessarily tracked well (or at all). We deploy very common solutions when available but we inherit a ton of stuff that sometimes we just know nothing about. For a managed services outfit like ourselves, this sucks.
 
I assume many of us here use online banking and buy things at online sites like Steam and Amazon.

So what are you doing about it?

I had to call Capital One earlier, because my great aunt was in the hospital when her bill was due, and they charged her a late payment fee. I explained it to the CS rep, and they took it off her bill. I then asked about Heartbleed, and if Capital One's online banking site was protected.

Yea, I should have known better... rep had no clue, and hadn't even heard of this. Read in the local paper that CNET has a list of sites that have 'patched' the hole, and going to check it tomorrow.

Just wondering if any of you are doing anything drastic about this, or letting it slide like Y2K.
 
One thing for sure, this bug will make everybody rethink about encryption. Sometimes we hide behind encryption and think we're safe, but this sure as hell proved that's not always the case. VPN with a bad encryption engine may as well be a RPN (Real Public Network 😛)

It's probably safe to say the NSA has a lot to do with this, or at the very least, has exploited it quite a lot. These days it's not really hackers you have to worry about. Most of them are just bored kids wanting to screw around with your systems for fun and games. It's the government you have to worry about, they're the ones that can make you disappear.

I'm going to give it about a month, then go around and change all my passwords. Though I probably should change them now, and in a few months. In fact for the next year or so it's probably not a bad idea to change passwords every now and then. The issue is if you change it before a site gets patched and certs issued, it can still be hacked. Lot of sites may be reporting that they patched it, but did they reissue certs?
 
One thing for sure, this bug will make everybody rethink about encryption. Sometimes we hide behind encryption and think we're safe, but this sure as hell proved that's not always the case. VPN with a bad encryption engine may as well be a RPN (Real Public Network 😛)

Maybe this will get more companies using PFS. Turds like Yahoo won't until they're making a death spiral down the toilet, but better managed companies might give it more consideration. It won't protect against a real time data grab, but at least keys won't be around to decrypt history.
 
Well there you go. The first guy sent 2.5 million requests, and they did say they rebooted the server in the middle of his run, which may have put the keys back into memory. But anyway, two people got them, and that's bad.

Mark, it's clear you know nothing about the internet or computers.

:colbert:
 
In addition, I have studied this topic extensively and come to the conclusion that this is much ado about nothing.

I would mildly disagree. I did hear an "expert" on National Public Radio state that it is most important to change your email passwords if you do not wish to change all others. 🙂
If nothing else this serves as a reminder: do not use the same password for all sites, make them complex, and change them regularly.

I have a very old NetZero email account that I use very infrequently and the password dialog only allows up to 12 characters and only numbers and letters. I believe I will be closing it out today!
 