cancel
Showing results for 
Search instead for 
Did you mean: 

OpenSSL

Anonymous
Not applicable
Are o2 able to confirm that the Community website, the mobile o2 app and the o2.co.uk website are secure so that those who want to can change their passwords as recommended? ?
Message 1 of 29
2,684 Views
28 REPLIES 28

Anonymous
Not applicable
Quite agree with that piperdog it should have been highlighted by O2 and many other major companies
Message 21 of 29
1,084 Views

Bambino
Level 84: Resplendent
  • 22943 Posts
  • 1022 Topics
  • 3662 Solutions
Registered:

@Anonymous wrote:
Very true Bambino but I would have to add that their absence doesn't make it right. .... 😈

I never said anything about it being right or wrong. I was merely commenting that two of the biggest presences on the web had chosen not to publicise it, so O2 following suit was no surprise. In the general scheme of things, the number of people who frequent this forum is miniscule compared to Yahoo and Google. This problem was widely publicised in the news, and if O2 had notified customers before the patch was implemented, changing your password would have been a pointless exercise. If the site had been compromised, you would have just been giving the hacker your new password.

Not only that, but it's now known that this problem has existed for two years, but there's also no evidence that the flaw has been exploited. I've been reading lots of articles about this, and many say that there's no need for panic, but you should gradually change all your passwords, and check any bank accounts for anomalies. That's really all anyone can do.

I DO NOT WORK FOR O2



Funniest-Thread-2
Message 22 of 29
1,076 Views

Anonymous
Not applicable
Hi Bambino

Your post is bang on the nail. (I appreciate you didn't specify right or wrong - was merely giving my thoughts).

I do however agree with @Anonymous on this subject. It is the companies who hold our data and as such I agree with him that ALL companies including o2 should have been giving customers advice.

It is widely reported on the news of course but many won't realise that it could apply to them.
Message 23 of 29
1,057 Views

aldaweb
Level 26: Upbeat
  • 1722 Posts
  • 50 Topics
  • 65 Solutions
Registered:

@Bambino wrote:

Not only that, but it's now known that this problem has existed for two years, but there's also no evidence that the flaw has been exploited.


 But the exploit doesn't leave any traces on the host server so the absence of evidence is not evidence of absence.

Best to check using one of the online vulnerability checkers prior to changing a password.

iPhone 14 Pro (O2 ), S23U (EE), iPad Pro LTE (EE), .

Reviews: iPhone-X-first-impressions ¦ Blackberry Classic ¦ Blackberry Z30 ¦ Nokia Lumia 1020 ¦ Samsung S4 Mini Part 1 ¦ Samsung S4 Mini Pt. 2
Message 24 of 29
1,051 Views

Bambino
Level 84: Resplendent
  • 22943 Posts
  • 1022 Topics
  • 3662 Solutions
Registered:

@aldaweb wrote:

@Bambino wrote:

Not only that, but it's now known that this problem has existed for two years, but there's also no evidence that the flaw has been exploited.


 But the exploit doesn't leave any traces on the host server so the absence of evidence is not evidence of absence.

Best to check using one of the online vulnerability checkers prior to changing a password.


I agree, but usually the end purpose of these exploits is to steal money, and as there have been no news reports of major thefts you would hope that it was caught without too much damage being done, if any at all.

As far as online vulnerability checkers go, I use Last Pass, which has its own. There's also an extension you can run within Chrome called 'Chromebleed' which 'displays a warning if the site you are browsing is affected by the Heartbleed bug.'

Perhaps if you know of any other vulnerability checkers you could post a link to them?

I DO NOT WORK FOR O2



Funniest-Thread-2
Message 25 of 29
1,041 Views

anticpated
Level 30: Meditator
  • 3412 Posts
  • 164 Topics
  • 53 Solutions
Registered:

I think this was what my I was trying to say, in my off-kilter way. 

Samsung Galaxy S10, Samsung Galaxy S21 Ultra
Message 26 of 29
1,032 Views

Bambino
Level 84: Resplendent
  • 22943 Posts
  • 1022 Topics
  • 3662 Solutions
Registered:

A propos of this topic, here are two links that should be useful for many. The second link is, unfortunately, only for Android users.

http://bgr.com/2014/04/11/how-to-create-strong-passwords/

http://bgr.com/2014/04/11/how-to-test-for-heartbleed-on-my-android-phone/

I DO NOT WORK FOR O2



Funniest-Thread-2
Message 27 of 29
1,011 Views

aldaweb
Level 26: Upbeat
  • 1722 Posts
  • 50 Topics
  • 65 Solutions
Registered:

@Bambino wrote:

Perhaps if you know of any other vulnerability checkers you could post a link to them?


 Just the one I already posted in the other thread

(https://www.ssllabs.com/ssltest/index.html) and the ones linked to in the BBC post referenced there.

 

iPhone 14 Pro (O2 ), S23U (EE), iPad Pro LTE (EE), .

Reviews: iPhone-X-first-impressions ¦ Blackberry Classic ¦ Blackberry Z30 ¦ Nokia Lumia 1020 ¦ Samsung S4 Mini Part 1 ¦ Samsung S4 Mini Pt. 2
Message 28 of 29
997 Views

anticpated
Level 30: Meditator
  • 3412 Posts
  • 164 Topics
  • 53 Solutions
Registered:

I did come across some other stuff although I don't think it will be user friendly. 

https://filippo.io/Heartbleed/

 

Samsung Galaxy S10, Samsung Galaxy S21 Ultra
Message 29 of 29
963 Views