Author Topic: Change Your Passwords: A Massive Bug Has Put Your Details  (Read 12589 times)

0 Members and 6 Guests are viewing this topic.

Offline mishca09

  • Q
  • *
  • Posts: 11386
Change Your Passwords: A Massive Bug Has Put Your Details
« on: April 13, 2014, 09:44:47 PM »
I posted this on theden and I thought it I would share it here to.

Change Your Passwords: A Massive Bug Has Put Your Details at Risk
Internet security experts are scrambling to assess the extent of the breach caused by a massive bug called Heartbleed in the OpenSSL technology that runs encryption for two-thirds of the web and went unnoticed for two years until last week


MORE
Heartbleed Bug: Here Are the Passwords You Should Change
Quick Tech Trick: How to Make a Strong Password (and Actually Remember It)
How to Protect Yourself Against the Heartbleed Bug
A newly discovered bug in software supposed to provide extra protection for thousands of the world’s most popular websites has exposed highly sensitive information such as credit card numbers, usernames, and passwords, security researchers said.

The discovery of the bug, known as Heartbleed, has caused several websites to advise their users to change their passwords.

“This might be a good day to call in sick and take some time to change your passwords everywhere — especially your high-security services like email, file storage, and banking, which may have been compromised by this bug,” Tumblr wrote in a note to its many users.

“The little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit.”

Yahoo, the owner of Tumblr, confirms that its users’ passwords have been compromised.

The bug was discovered late last week in the OpenSSL technology that runs encryption for two-thirds of the Internet. The researchers who discovered it said that most Internet users “are likely to be affected either directly or indirectly.”

It was found simultaneously by a Google security researcher and a small security firm named Codenomicon and disclosed Monday night.

Experts are now scrambling to asses the extent of the security breach, because the bug remained undiscovered for two years. Hackers may have exploited it without leaving footprints.

“We have tested some of our own services from attacker’s perspective. We attacked ourselves from outside, without leaving a trace,” Codenomicon wrote on their newly created website about the bug.

According to several security experts, it is one of the most serious security flaws uncovered in many years.

“Heartbleed is like finding a faulty car part used in nearly every make and model, but you can’t recall the Internet and all the data you put out on it,” Jonathan Sander, vice president of research and technology for Stealthbits Technologies, a cybersecurity firm, told the Los Angeles Times.

The U.S. government’s Department of Homeland Security has advised all businesses using the vulnerable versions of the software to review their servers.

Offline goldshirt*9

  • Super Hero
  • *******
  • Posts: 7390
  • Gender: Male
  • Who yous looking ats
Re: Change Your Passwords: A Massive Bug Has Put Your Details
« Reply #1 on: April 13, 2014, 09:54:22 PM »
tried to find out what sites are affected  :P

Offline brickbatz

  • Cro-Magnon
  • ****
  • Posts: 803
  • Gender: Male
  • Politically Incorrect

Offline 8ullfrog

  • Homo Superior
  • ******
  • Posts: 3248
Re: Change Your Passwords: A Massive Bug Has Put Your Details
« Reply #3 on: April 14, 2014, 02:08:49 AM »
My cousin had his email account compromised (Yahoo), a good friend had his email account compromised (Hotmail) an attempt was made against my mom's email (Google) and an attempt was made against my roommates fb profile (Facebook).

This is a major bless'ed pain in the ass. On sites where passwords cannot be remembered for security purposes, I touch type my passwords out, and now I've got to learn new ones.

I'm tired of these bless'ed compromised systems.

Offline 6pairsofshoes

  • Homo Superior
  • ******
  • Posts: 3771
Re: Change Your Passwords: A Massive Bug Has Put Your Details
« Reply #4 on: April 14, 2014, 10:59:00 AM »
I'm still changing p/w s.  What a pain.

Offline goldshirt*9

  • Super Hero
  • *******
  • Posts: 7390
  • Gender: Male
  • Who yous looking ats
Re: Change Your Passwords: A Massive Bug Has Put Your Details
« Reply #5 on: April 14, 2014, 11:22:47 AM »
nothing on there bothers me

Offline brickbatz

  • Cro-Magnon
  • ****
  • Posts: 803
  • Gender: Male
  • Politically Incorrect
Re: Change Your Passwords: A Massive Bug Has Put Your Details
« Reply #6 on: April 15, 2014, 12:23:30 AM »
Using TeamViewer to connect remotely I changed a cousin's passwords two days ago and another cousin's passwords yesterday. I make up long strong passwords on notepad, label them, username, email and copy/paste them when changing them.

The cousin I helped yesterday was using her dog's five letter name for everything. When she saw me typing something like this #v5$8^Sd%W0j), then do the same random thing for each of them, I could hear the phone drop. Anyway, I named and it saved it to her documents and printed it out for her. I gave her a movie so she'd quit thinking about it.
« Last Edit: April 15, 2014, 12:25:36 AM by brickbatz »

Offline 6pairsofshoes

  • Homo Superior
  • ******
  • Posts: 3771
Re: Change Your Passwords: A Massive Bug Has Put Your Details
« Reply #7 on: April 15, 2014, 01:33:58 AM »
You guys do know that changing passwords on compromised sites before they have updated (to remove the glitch) is a waste of time, right?

No.  But if you hum a few bars, I'll try to fake it.

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 15943
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Change Your Passwords: A Massive Bug Has Put Your Details
« Reply #8 on: April 15, 2014, 05:13:18 AM »
^ Forgive me, six, for adding christ's comment to your post.  It was worth keeping.

Heh.

... and the piano is on my foot.

Monkeying around again, i see.

Incidentally, for important things, I have 18 character passwords of symbols and mixed case letters etc,  and I have them completely out of context in a sql database that I have access to from anywhere.  It has gotten me out of trouble more than once.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Online dweez

  • Global Moderator
  • Q
  • *
  • Posts: 11622
  • Gender: Male
  • Rebel Mod
Re: Change Your Passwords: A Massive Bug Has Put Your Details
« Reply #9 on: April 15, 2014, 10:34:40 PM »
Using TeamViewer to connect remotely I changed a cousin's passwords two days ago and another cousin's passwords yesterday. I make up long strong passwords on notepad, label them, username, email and copy/paste them when changing them.

The cousin I helped yesterday was using her dog's five letter name for everything. When she saw me typing something like this #v5$8^Sd%W0j), then do the same random thing for each of them, I could hear the phone drop. Anyway, I named and it saved it to her documents and printed it out for her. I gave her a movie so she'd quit thinking about it.

KeePass
http://keepass.info/

Quote
What is KeePass?
Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your website's FTP password, online passwords (like website member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem... A serious problem. The thief would have access to your e-mail account, website, etc. Unimaginable.

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page.


Is it really free?
Yes, KeePass is really free, and more than that: it is open source (OSI certified). You can have a look at its full source and check whether the encryption algorithms are implemented correctly.

As a cryptography and computer security expert, I have never understood the current fuss about the open source software movement. In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security. It's true for cryptographic algorithms, security protocols, and security source code. For us, open source isn't just a business model; it's smart engineering practice.
Bruce Schneier, Crypto-Gram 1999/09/15
--dweez

Online dweez

  • Global Moderator
  • Q
  • *
  • Posts: 11622
  • Gender: Male
  • Rebel Mod
Re: Change Your Passwords: A Massive Bug Has Put Your Details
« Reply #10 on: April 16, 2014, 10:34:07 AM »
I'm all for OSS but I'm more for "best tool for the job" so if a close-source is better (either works better or better support available) I'll go with that.  This will now be an example I use to shut up the "OSS IS BETTER CUZ YOU CAN LOOK THROUGH THE SOURCE AND FIX IT" fanboys.
--dweez

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 15943
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Change Your Passwords: A Massive Bug Has Put Your Details
« Reply #11 on: April 16, 2014, 01:30:04 PM »
I prefer hot sauce.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline xtopave

  • Site Modette
  • Q
  • *
  • Posts: 28876
  • Gender: Female
Re: Change Your Passwords: A Massive Bug Has Put Your Details
« Reply #12 on: April 16, 2014, 05:15:13 PM »
I prefer hot sauce.

My 1st thought when I saw the thread was the Birkin is a massive bag but I didn't dare make that comment.

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 15943
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Change Your Passwords: A Massive Bug Has Put Your Details
« Reply #13 on: April 17, 2014, 05:01:06 AM »
My 1st thought when I saw the thread was the Birkin is a massive bag but I didn't dare make that comment.

Is there such a thing as a dainty Birkin?
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 15943
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Change Your Passwords: A Massive Bug Has Put Your Details
« Reply #14 on: April 17, 2014, 10:23:47 AM »
Jane?

I'm actually more like Tarzan. Except for the parasol.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.