[Heartbleed bug] Have you changed your internet passwords yet?

AI Thread Summary
The discussion centers around the Heartbleed bug, a significant security vulnerability in OpenSSL that compromises the security of passwords on supposedly secure websites. Concerns are raised about the potential exposure of user data due to this bug, with references to xkcd cartoons illustrating the issue. Questions are posed regarding whether specific websites, including Physics Forums, use OpenSSL and if there are reliable lists of secure and insecure sites. Reports indicate that the NSA may have been aware of the Heartbleed vulnerability for two years, allegedly exploiting it to gather information without informing affected users. The vulnerability was introduced into OpenSSL's code in early 2012, highlighting the risks associated with open-source software and its oversight. The discussion also touches on the idea of creating a website to check if user credentials have been compromised, emphasizing the ongoing concerns about data security in the wake of Heartbleed.
D H
If you haven't, you should rethink that thanks to the Heartbleed bug. Your passwords on a supposedly secure website most likely are not secure, thanks to this bug.

The last two xkcd.com cartoons depict the problem quite nicely:

[xkcd cartoon: heartbleed.png]

[xkcd cartoon: heartbleed_explanation.png]
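The second cartoon shows the bug as a heartbeat request that claims a longer payload than it actually sends, with the server echoing back whatever happens to sit in memory after the request. The following is an added example, written for this page and not code from the thread or from OpenSSL: it models a TLS heartbeat record (RFC 6520 layout: type, 2-byte payload length, payload, padding), a vulnerable responder that trusts the peer's length field, and a fixed responder that applies, in substance, the bounds check OpenSSL 1.0.1g added. The server's memory is modelled as one buffer with a constructed secret planted directly after the received record, so the over-read stays inside the model buffer and the program runs safely; the function and variable names are illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Heartbeat record layout (RFC 6520): type(1) | payload_length(2, big-endian) | payload | padding(>=16) */
#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HDR      3                                /* type + 2-byte length field */
#define HB_PADDING  16                               /* minimum padding per RFC 6520 */
#define MEM_SIZE    (HB_HDR + 65535 + HB_PADDING + 64) /* any 16-bit length stays inside the model */

/* Model of the server's memory: the received record sits at offset 0 and
 * whatever the process held next (here a planted, constructed secret) follows it. */
struct server_memory {
    uint8_t bytes[MEM_SIZE];
    size_t  record_len;                              /* bytes that actually arrived on the wire */
};

static const char *SECRET = "user=meg;password=s3cret";   /* constructed for the demo */

static uint16_t get_u16(const uint8_t *p) { return (uint16_t)(((unsigned)p[0] << 8) | p[1]); }
static void     put_u16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Build a request whose length field claims `claimed` bytes but only carries
 * `payload`, then plant `secret` right after the record, as in the cartoon. */
static void build_memory(struct server_memory *m, uint16_t claimed,
                         const char *payload, const char *secret)
{
    size_t plen = strlen(payload);
    memset(m, 0, sizeof *m);
    m->bytes[0] = HB_REQUEST;
    put_u16(&m->bytes[1], claimed);
    memcpy(&m->bytes[HB_HDR], payload, plen);
    memset(&m->bytes[HB_HDR + plen], 0xAA, HB_PADDING);
    m->record_len = HB_HDR + plen + HB_PADDING;
    memcpy(&m->bytes[m->record_len], secret, strlen(secret));
}

/* Vulnerable responder (the CVE-2014-0160 pattern): echoes payload_length bytes
 * without checking that the record actually contains them. */
static size_t heartbeat_vulnerable(const struct server_memory *m, uint8_t *reply, size_t cap)
{
    uint16_t claimed = get_u16(&m->bytes[1]);
    if (m->bytes[0] != HB_REQUEST || (size_t)HB_HDR + claimed + HB_PADDING > cap) return 0;
    reply[0] = HB_RESPONSE;
    put_u16(&reply[1], claimed);
    memcpy(&reply[HB_HDR], &m->bytes[HB_HDR], claimed); /* reads past the end of the record */
    memset(&reply[HB_HDR + claimed], 0, HB_PADDING);
    return HB_HDR + claimed + HB_PADDING;
}

/* Fixed responder: discard the record unless header + claimed payload + padding fit in it. */
static size_t heartbeat_fixed(const struct server_memory *m, uint8_t *reply, size_t cap)
{
    if (m->bytes[0] != HB_REQUEST || m->record_len < HB_HDR + HB_PADDING) return 0;
    uint16_t claimed = get_u16(&m->bytes[1]);
    if ((size_t)HB_HDR + claimed + HB_PADDING > m->record_len) return 0;   /* silently drop */
    if ((size_t)HB_HDR + claimed + HB_PADDING > cap) return 0;
    reply[0] = HB_RESPONSE;
    put_u16(&reply[1], claimed);
    memcpy(&reply[HB_HDR], &m->bytes[HB_HDR], claimed);
    memset(&reply[HB_HDR + claimed], 0, HB_PADDING);
    return HB_HDR + claimed + HB_PADDING;
}

/* 1 if `secret` appears anywhere in the first `len` bytes of `reply`. */
static int reply_leaks(const uint8_t *reply, size_t len, const char *secret)
{
    size_t slen = strlen(secret);
    for (size_t i = 0; i + slen <= len; i++)
        if (memcmp(reply + i, secret, slen) == 0) return 1;
    return 0;
}

/* One scenario: send "HAT" with a length field of `claimed`; returns reply length. */
static size_t run_scenario(uint16_t claimed, int use_fixed, uint8_t *reply, size_t cap)
{
    static struct server_memory mem;                 /* static: too large for the stack */
    build_memory(&mem, claimed, "HAT", SECRET);
    return use_fixed ? heartbeat_fixed(&mem, reply, cap) : heartbeat_vulnerable(&mem, reply, cap);
}

size_t scenario_len(uint16_t claimed, int use_fixed)
{
    static uint8_t reply[MEM_SIZE];
    return run_scenario(claimed, use_fixed, reply, sizeof reply);
}

int scenario_leaks(uint16_t claimed, int use_fixed)
{
    static uint8_t reply[MEM_SIZE];
    size_t n = run_scenario(claimed, use_fixed, reply, sizeof reply);
    return reply_leaks(reply, n, SECRET);
}

int main(void)
{
    printf("vulnerable, claims 500: %zu bytes back, secret leaked: %d\n",
           scenario_len(500, 0), scenario_leaks(500, 0));
    printf("fixed,      claims 500: %zu bytes back (0 = discarded), leaked: %d\n",
           scenario_len(500, 1), scenario_leaks(500, 1));
    printf("fixed,      claims 3:   %zu bytes back, leaked: %d\n",
           scenario_len(3, 1), scenario_leaks(3, 1));
    return 0;
}
```

The point to take from the two responders is that the fix is not about the heartbeat payload at all: it is a single comparison of the peer-supplied length against the number of bytes that actually arrived, done before the copy. A request that claims 500 bytes but sends 3 gets a 519-byte reply from the vulnerable handler, carrying the planted secret; the fixed handler returns nothing for the same request and still answers an honest 3-byte request normally.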
 
Does physicsforums use OpenSSL?
 
Is there a list of (important) websites that says which sites are secure (now) and which aren't?
 
http://www.bloomberg.com/news/2014-...e-used-heartbleed-bug-exposing-consumers.html

Bloomberg reports that, according to “two people familiar with the matter,” the NSA has known about the Heartbleed vulnerability for at least two years—and was exploiting it to collect information about people instead of informing those vulnerable and getting it fixed.

According to Slate, "In early 2012 Heartbleed was mistakenly introduced into the code for OpenSSL, an open-source software component for certain popular types of encryption. It would make sense if the NSA found it soon after, because—in addition to using its influence to weaken new or existing encryption—the agency also spends millions of dollars looking for software vulnerabilities that already exist around the Web, especially in open-source code that is more likely to have inconsistent oversight, and therefore bigger errors."
 
I guess if I wanted to collect a lot of user data right now, a good way would be to set up a website where people can enter their user names and passwords and have them checked to see if they have been stolen :devil:
 