Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

[Heartbleed bug] Have you changed your internet passwords yet?

  1. Apr 11, 2014 #1

    D H

    User Avatar
    Staff Emeritus
    Science Advisor

    If you haven't, you should rethink that thanks to the heartbleed bug. Your passwords on a supposedly secure website most likely are not secure, thanks to this bug.

    The last two xkcd.com cartoons depict the problem quite nicely:

    heartbleed.png


    heartbleed_explanation.png
     
  2. jcsd
  3. Apr 11, 2014 #2
    Does physicsforums use open SSL?
     
  4. Apr 11, 2014 #3

    micromass

    User Avatar
    Staff Emeritus
    Science Advisor
    Education Advisor
    2016 Award

    Is there a list of (important) websites that says which sites are secure (now) and which aren't?
     
  5. Apr 11, 2014 #4
  6. Apr 11, 2014 #5
  7. Apr 12, 2014 #6

    Astronuc

    User Avatar

    Staff: Mentor

    http://www.bloomberg.com/news/2014-...e-used-heartbleed-bug-exposing-consumers.html

    Bloomberg reports that, according to “two people familiar with the matter,” the NSA has known about the Heartbleed vulnerability for at least two years—and was exploiting it to collect information about people instead of informing those vulnerable and getting it fixed.

    According to Slate, "In early 2012 Heartbleed was mistakenly introduced into the code for OpenSSL, an open-source software component for certain popular types of encryption. It would make sense if the NSA found it soon after, because—in addition to using its influence to weaken new or existing encryption—the agency also spends millions of dollars looking for software vulnerabilities that already exist around the Web, especially in open-source code that is more likely to have inconsistent oversight, and therefore bigger errors."
     
  8. Apr 12, 2014 #7

    AlephZero

    User Avatar
    Science Advisor
    Homework Helper

    I guess if I wanted to collect a lot of user data right now, a good way would be set up a website where people can enter their the user names and passwords and have them checked to see if they have been stolen :devil:
     
Know someone interested in this topic? Share this thread via Reddit, Google+, Twitter, or Facebook




Similar Discussions: [Heartbleed bug] Have you changed your internet passwords yet?
  1. Have you voted yet? (Replies: 9)

Loading...