[Heartbleed bug] Have you changed your internet passwords yet?

  • Thread starter: D H
  • Tags: Bug, Internet

Discussion Overview

The discussion revolves around the Heartbleed bug, its implications for internet security, and the necessity of changing passwords on potentially affected websites. Participants explore the vulnerability's impact on secure websites and the role of organizations like the NSA in relation to the bug.

Discussion Character

  • Debate/contested
  • Technical explanation

Main Points Raised

  • Some participants express concern that passwords on secure websites may not be safe due to the Heartbleed bug.
  • Questions are raised about whether Physics Forums uses OpenSSL.
  • Multiple participants inquire about lists of websites that indicate which are currently secure or compromised.
  • A participant shares a link to a Mashable article listing affected websites, highlighting that AOL was included.
  • Another participant references a Bloomberg article suggesting that the NSA was aware of the Heartbleed vulnerability for an extended period and exploited it without informing the public.
  • A speculative comment suggests that creating a website to collect user data could be a method to exploit the situation.

Areas of Agreement / Disagreement

Participants do not reach a consensus on the security status of various websites or the implications of the Heartbleed bug, with multiple competing views and concerns expressed.

Contextual Notes

Participants reference various sources and articles, but the discussion does not resolve the uncertainty regarding the security of specific websites or the actions of organizations like the NSA.

D H
If you haven't, you should rethink that thanks to the Heartbleed bug. Your passwords on a supposedly secure website most likely are not secure, thanks to this bug.

The last two xkcd.com cartoons depict the problem quite nicely:

heartbleed.png



heartbleed_explanation.png
 
Does Physics Forums use OpenSSL?
 
Is there a list of (important) websites that says which sites are secure (now) and which aren't?
 
http://www.bloomberg.com/news/2014-...e-used-heartbleed-bug-exposing-consumers.html

Bloomberg reports that, according to “two people familiar with the matter,” the NSA has known about the Heartbleed vulnerability for at least two years—and was exploiting it to collect information about people instead of informing those vulnerable and getting it fixed.

According to Slate, "In early 2012 Heartbleed was mistakenly introduced into the code for OpenSSL, an open-source software component for certain popular types of encryption. It would make sense if the NSA found it soon after, because—in addition to using its influence to weaken new or existing encryption—the agency also spends millions of dollars looking for software vulnerabilities that already exist around the Web, especially in open-source code that is more likely to have inconsistent oversight, and therefore bigger errors."
 
I guess if I wanted to collect a lot of user data right now, a good way would be to set up a website where people can enter their user names and passwords and have them checked to see if they have been stolen :devil:
 
