[Heartbleed bug] Have you changed your internet passwords yet?

In summary, the Heartbleed bug has caused major concern about the security of passwords on supposedly secure websites. The xkcd.com cartoons accurately depict the issue, and there is a list of affected websites available. It is reported that the NSA has known about the vulnerability for at least two years and has been exploiting it to collect information. The bug was mistakenly introduced into the code for OpenSSL, and the NSA spends millions of dollars searching for vulnerabilities in open-source code.
  • #1
D H
If you haven't, you should rethink that thanks to the Heartbleed bug. Your passwords on a supposedly secure website most likely are not secure, thanks to this bug.

The last two xkcd.com cartoons depict the problem quite nicely:

heartbleed.png



heartbleed_explanation.png
 
  • #2
Does Physics Forums use OpenSSL?
 
  • #3
Is there a list of (important) websites that says which sites are secure (now) and which aren't?
 
  • #6
http://www.bloomberg.com/news/2014-...e-used-heartbleed-bug-exposing-consumers.html

Bloomberg reports that, according to “two people familiar with the matter,” the NSA has known about the Heartbleed vulnerability for at least two years—and was exploiting it to collect information about people instead of informing those vulnerable and getting it fixed.

According to Slate, "In early 2012 Heartbleed was mistakenly introduced into the code for OpenSSL, an open-source software component for certain popular types of encryption. It would make sense if the NSA found it soon after, because—in addition to using its influence to weaken new or existing encryption—the agency also spends millions of dollars looking for software vulnerabilities that already exist around the Web, especially in open-source code that is more likely to have inconsistent oversight, and therefore bigger errors."
 
  • #7
I guess if I wanted to collect a lot of user data right now, a good way would be to set up a website where people can enter their user names and passwords and have them checked to see if they have been stolen :devil:
 

1. What is the Heartbleed bug?

The Heartbleed bug is a security vulnerability in the popular OpenSSL cryptographic software library, which is used to protect sensitive data on many websites. It allows attackers to access and steal sensitive information, such as passwords, from affected websites.

2. How does the Heartbleed bug work?

The Heartbleed bug works by exploiting a flaw in the OpenSSL software that manages the secure connection between a user's computer and a website. It allows an attacker to access a small amount of data from the server's memory, which could contain sensitive information such as usernames and passwords.
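
The missing length check behind the behaviour described above, as an added example (not code from this thread or from OpenSSL's source). The message layout follows RFC 6520; the function names, the `arena` buffer and its contents are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 6520 heartbeat: type(1) | payload_length(2, big-endian) | payload | padding(>=16) */
#define HB_REQUEST 1
#define HB_HEADER  3
#define HB_PADDING 16

/* Flawed pattern: echoes as many bytes as the message claims to carry. */
size_t echo_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    (void)rec_len;                        /* the real record length is never consulted */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > cap) claimed = cap;     /* only bounded by the output buffer */
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

/* Hardened pattern: drop the message unless the claimed payload fits the record. */
size_t echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + claimed + HB_PADDING > rec_len || claimed > cap) return 0;
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

/* Constructed stand-in for server memory: one 23-byte record, then unrelated data. */
uint8_t arena[64];
size_t build_arena(uint16_t claimed)
{
    memset(arena, 0, sizeof arena);
    arena[0] = HB_REQUEST;
    arena[1] = (uint8_t)(claimed >> 8); arena[2] = (uint8_t)(claimed & 0xff);
    memcpy(arena + HB_HEADER, "bird", 4);           /* actual payload: 4 bytes */
    memcpy(arena + 23, "password=EXAMPLE", 16);     /* neighbouring data, not in the record */
    return HB_HEADER + 4 + HB_PADDING;              /* record length: 23 bytes */
}

int main(void)
{
    uint8_t out[64];
    size_t len = build_arena(40);                   /* claims 40 bytes, carries 4 */
    printf("unchecked echoed %zu bytes, checked echoed %zu bytes\n",
           echo_unchecked(arena, len, out, sizeof out),
           echo_checked(arena, len, out, sizeof out));
    return 0;
}
```

The unchecked handler returns bytes that lie past the end of the record, which is why data unrelated to the request can appear in a response; the checked handler discards the same message.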

3. How can I protect myself from the Heartbleed bug?

The best way to protect yourself from the Heartbleed bug is to change your passwords on all websites that were affected by the vulnerability. You can also check to see if a website is vulnerable by using online tools or contacting the website's customer support.

4. What websites were affected by the Heartbleed bug?

Many popular websites, including social media platforms, online banking sites, and e-commerce websites, were affected by the Heartbleed bug. Some of the most notable ones include Google, Facebook, Yahoo, and Amazon. It is recommended to change your passwords on all websites, even if they were not confirmed to be affected.

5. Should I change my passwords even if the website says they have fixed the Heartbleed bug?

Yes, it is still recommended to change your passwords on websites that have fixed the Heartbleed bug. This is because there is no way to know for sure if your information was accessed before the bug was fixed. It is better to be cautious and change your passwords to ensure the security of your accounts.
