on 12-04-2014 21:06
on 13-04-2014 04:29
on 13-04-2014 08:33
@Anonymous wrote:
Very true Bambino but I would have to add that their absence doesn't make it right. .... 😈
I never said anything about it being right or wrong. I was merely commenting that two of the biggest presences on the web had chosen not to publicise it, so O2 following suit was no surprise. In the general scheme of things, the number of people who frequent this forum is minuscule compared to Yahoo and Google. This problem was widely publicised in the news, and if O2 had notified customers before the patch was implemented, changing your password would have been a pointless exercise. If the site had been compromised, you would have just been giving the hacker your new password.
Not only that, but it's now known that this problem has existed for two years, but there's also no evidence that the flaw has been exploited. I've been reading lots of articles about this, and many say that there's no need for panic, but you should gradually change all your passwords, and check any bank accounts for anomalies. That's really all anyone can do.
on 13-04-2014 13:16
on 13-04-2014 13:23
@Bambino wrote:
Not only that, but it's now known that this problem has existed for two years, but there's also no evidence that the flaw has been exploited.
But the exploit doesn't leave any traces on the host server so the absence of evidence is not evidence of absence.
Best to check using one of the online vulnerability checkers prior to changing a password.
on 13-04-2014 14:35
@aldaweb wrote:
@Bambino wrote:
Not only that, but it's now known that this problem has existed for two years, but there's also no evidence that the flaw has been exploited.
But the exploit doesn't leave any traces on the host server so the absence of evidence is not evidence of absence.
Best to check using one of the online vulnerability checkers prior to changing a password.
I agree, but usually the end purpose of these exploits is to steal money, and as there have been no news reports of major thefts you would hope that it was caught without too much damage being done, if any at all.
As far as online vulnerability checkers go, I use LastPass, which has its own. There's also an extension you can run within Chrome called 'Chromebleed' which 'displays a warning if the site you are browsing is affected by the Heartbleed bug.'
Perhaps if you know of any other vulnerability checkers you could post a link to them?
on 13-04-2014 15:44
I think this was what I was trying to say, in my off-kilter way.
on 13-04-2014 18:14
A propos of this topic, here are two links that should be useful for many. The second link is, unfortunately, only for Android users.
http://bgr.com/2014/04/11/how-to-create-strong-passwords/
http://bgr.com/2014/04/11/how-to-test-for-heartbleed-on-my-android-phone/
on 13-04-2014 21:02
@Bambino wrote:
Perhaps if you know of any other vulnerability checkers you could post a link to them?
Just the one I already posted in the other thread (https://www.ssllabs.com/ssltest/index.html) and the ones linked to in the BBC post referenced there.
on 14-04-2014 23:06
I did come across some other stuff, although I don't think it will be user-friendly.
https://filippo.io/Heartbleed/