Moderators hazelnut Posted April 8, 2014 Moderators Share Posted April 8, 2014 http://techcrunch.com/2014/04/07/massive-security-bug-in-openssl-could-effect-a-huge-chunk-of-the-internet/ I saw a t-shirt one time. “I’m a bomb disposal technician,” it read. “If you see me running, try to keep up.”The same sort of idea can be applied to net security: when all the net security people you know are freaking out, it’s probably an okay time to worry.This afternoon, many of the net security people I know are freaking out. Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
Corona Posted April 8, 2014 Share Posted April 8, 2014 Onslow - "Oh nice." Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted April 9, 2014 Author Moderators Share Posted April 9, 2014 This is what it is about in easy to read terms. It affects all of us at the moment in one way or another. Very worrying indeed. http://heartbleed.com/ Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
eL_PuSHeR Posted April 9, 2014 Share Posted April 9, 2014 I have read that it's mostly patched now. Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted April 9, 2014 Author Moderators Share Posted April 9, 2014 There are lots of places that haven't done anything yet. Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
Moderators mta Posted April 10, 2014 Moderators Share Posted April 10, 2014 it's made it to be one of the leading news stories here now. the 'security experts' being dug up and dumped in front of the cameras are saying to change all your passwords - which is pointless unless every piece of the puzzle between your PC and the info you are after gets their act together. Backup now & backup often.It's your digital life - protect it with a backup.Three things are certain; Birth, Death and loss of data. You control the last. Link to comment Share on other sites More sharing options...
Winapp2.ini Posted April 11, 2014 Share Posted April 11, 2014 yeah, wait until the sites have announced a patch (or whether or not one is needed for them) before changing your passwords. winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
TheWebAtom Posted April 11, 2014 Share Posted April 11, 2014 ...via XKCD I'm Shane. Link to comment Share on other sites More sharing options...
Winapp2.ini Posted April 11, 2014 Share Posted April 11, 2014 Yep, that's the gist of it. Also worth noting that this only works because it dumps the additional characters from memory, where they're stored plaintext winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
Moderators mta Posted April 11, 2014 Moderators Share Posted April 11, 2014 nice find with the graphic Shane, that should explain it even to my wife Backup now & backup often.It's your digital life - protect it with a backup.Three things are certain; Birth, Death and loss of data. You control the last. Link to comment Share on other sites More sharing options...
Willy2 Posted April 11, 2014 Share Posted April 11, 2014 "NSA knew about the bug for 2 years" http://market-ticker.org/akcs-www?post=228928 http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html System setup: http://speccy.piriform.com/results/gcNzIPEjEb0B2khOOBVCHPc A discussion always stimulates the braincells !!! Link to comment Share on other sites More sharing options...
Moderators Nergal Posted April 11, 2014 Moderators Share Posted April 11, 2014 "NSA knew about the bug for 2 years" http://market-ticker.org/akcs-www?post=228928 http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html Not suprising. NSA are by all means Black Hats, they're just the Black Hats that keep the other Black Hats at bay. ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF. Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark) ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T. Support at https://support.ccleaner.com/s/?language=en_US Pro users file a PRIORITY SUPPORT via email support@ccleaner.com Link to comment Share on other sites More sharing options...
Willy2 Posted April 13, 2014 Share Posted April 13, 2014 MS did put out a security update for Windows 7 on april 12/13. Was this the patch for this security bug ? System setup: http://speccy.piriform.com/results/gcNzIPEjEb0B2khOOBVCHPc A discussion always stimulates the braincells !!! Link to comment Share on other sites More sharing options...
Winapp2.ini Posted April 13, 2014 Share Posted April 13, 2014 The problem is in OpenSSL not Windows. so probably not. winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted April 13, 2014 Author Moderators Share Posted April 13, 2014 Robin Seggelmann, a German software developer says he didn't create the SSL flaw deliberately. ''In one of the new features, unfortunately, I missed validating a variable containing a length,” he told the Herald. And his co-workers missed it, too.For those who aren’t coders, the end result is this: Anyone aware of the glitch could “eavesdrop” on the ways that computer servers and sites communicate with each other and swipe information without being detected http://blog.sfgate.com/techchron/2014/04/10/man-responsible-for-heartbleed-it-was-not-intended-at-all/ Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
Moderators Nergal Posted April 13, 2014 Moderators Share Posted April 13, 2014 The bug is (for the most part) server side, the comsumer cannot patch it. Only websites (vpns and access nodes included) are at risk, many will send letters out informing you either to change your password or that they were not effected. However the most security minded paranoid should change every password they've created in the past 5-to-10 years. ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF. Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark) ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T. Support at https://support.ccleaner.com/s/?language=en_US Pro users file a PRIORITY SUPPORT via email support@ccleaner.com Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted April 13, 2014 Author Moderators Share Posted April 13, 2014 There is no point in changing the password unless the site you are changing them for has applied the patch . However quite a few such as LastPass and DropBox already have. Have heard of two phishing emails so far about this bug, pretending to be from sites most people would use Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted April 13, 2014 Author Moderators Share Posted April 13, 2014 Here is a really great explanation of things. Just a few words I know, but everyone will be able to understand what the issue is all about after reading it. Also how to test if sites you use have still got the bug. http://support.emsisoft.com/topic/14146-heartbleed-threat/?do=findComment&comment=107651 Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
Willy2 Posted April 13, 2014 Share Posted April 13, 2014 Looks to me that MS considered - at least - one security issue too important to not wait with a security update. System setup: http://speccy.piriform.com/results/gcNzIPEjEb0B2khOOBVCHPc A discussion always stimulates the braincells !!! Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted April 13, 2014 Author Moderators Share Posted April 13, 2014 Looks to me that MS considered - at least - one security issue too important to not wait with a security update. Microsoft wasn't affected by the Heartbleed bug http://blogs.technet.com/b/security/archive/2014/04/10/microsoft-devices-and-services-and-the-openssl-heartbleed-vulnerability.aspx Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
Alan_B Posted April 13, 2014 Share Posted April 13, 2014 Here is a really great explanation of things. Just a few words I know, but everyone will be able to understand what the issue is all about after reading it. Also how to test if sites you use have still got the bug. http://support.emsisoft.com/topic/14146-heartbleed-threat/?do=findComment&comment=107651 That was good. Another post there suggested Posted 2 minutes ago Heartbleed test - Which services are or have been exposed: (10 000 sites) https://github.com/musalbas/heartbleed-masstest/blob/master/top10000.txt That list is defective. After listing 639 vulnerable sites, it list another group of 10,000 others which are mostly "Not Vulnerable" or "No SSL" Banks that I use now or in the past are NOT shown as vulnerable, Unfortunately they are shown as "No SSL" - INSTEAD IT SHOULD SAY UNTESTED, because the home pages are HTTP, but as soon as you click LOGIN the site switched to HTTPS before you enter anything. Must try harder Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now