Have you seen the following:

http://news.uk.msn.com/comment-and-analysis/articles?cp-documentid=260331747

http://www.theweek.co.uk/technology/58072/heartbleed-internet-security-flaw-are-you-risk

Roger

NO, scared to! You may have lost the plot and decided to contaminate us all!

I'll let someone else go first 

Cheers weave.

Seriously, will have a look but can't find me glasses. Have to sit 4 ft from screen to write this.

I saw it yesterday, just dismissed it as the usual scaremongering

With the amount of different passwords I have for various things I'm not going around changing them ALL !!


Paul

QuoteI saw it yesterday, just dismissed it as the usual scaremongering

Whilst I generally agree that we keep seeing this kind of "security breech" and feel likewise, it will pay to stay vigilant as at some point I suspect this sort of report will be proven to be true and therefore may have horrible consequences for some of us.

Quote from: Only Me on April 10, 2014, 08:35:31 AM
such as this site etc...

God forbid someone might hack their way in and do some MODERATING !!


Paul

Quote from: Only Me on April 10, 2014, 08:35:31 AM
Wait a day or so. Then change the passwords on the web services you use. Immediately changing passwords risks exposing them on sites that have not yet corrected the bug. 

such as this site etc...

Quote from: Sprintex on April 10, 2014, 08:48:28 AM

Quote from: Only Me on April 10, 2014, 08:35:31 AM
such as this site etc...

God forbid someone might hack their way in and do some MODERATING !!

Don't be so flippant about this, it happened with the Series2club, well their servers site.

For some unknown reason, hackers disrupted it - the Series2club forum either ran very
slow or you could not access or use it. In the end they had to do a full purge and reboot
of the club forum and change servers. The disruption lasted about 4 weeks in total.

It's surprising how much you miss a forum while this work is being done :'(

Roger

There was an item about this on the ABC news tonight.

They said the problem lay with the ISP's and there was very little use in changing your passwords until such time as the problem has been resolved.

A number of ISP's, banks and government departments said in statements said they have either corrected the problem or are working on it.

Kind regards

Geoff

It's a bit more complicated than that

It's a bug that affects the encryption code used by some systems where making "secure" connections. It mostly affects web servers but it also affects some VPN software, and some client software too. If the web server has the bug a client can attack it and steal some information, if the client has the bug then a server can do the same to the client.

The big problem is that it leaves pretty much no traces, so while its highly unlikely anyone else discovered it earlier and use it for evil purposes, there is no way of knowing that.

The software in question is not generally used on Windows (although some 3rd party apps do use it) but is used just about everywhere else from phones to big servers. Most devices use a version old enough not to have the bug in the first place, so generally its "just" all the servers that need fixing.

I would change critical passwords (ones that could be used to cause real nuisance). Also any where the provider of the service contacts you and instructs you, or advises you to do so - simply because if you don't you might find they will do nothing about the results because you ignored the advice.

Alan

Quote from: Oldun on April 10, 2014, 10:06:34 AM


It's surprising how much you miss a forum while this work is being done :'(

Roger

Heaven forbid, we may have to get on with some modelling 

Quote from: Trainfish on April 10, 2014, 02:54:12 PM

Quote from: Oldun on April 10, 2014, 10:06:34 AM


It's surprising how much you miss a forum while this work is being done :'(

Roger

Heaven forbid, we may have to get on with some modelling 

Modelling is fine, the weather is instrumental with working on Land Rovers

Rain stops play 

Roger

According to the Admin on another SMF-powered forum I'm on there's nothing we as members need to worry about anyway, it's only the server-side that can be infiltrated in this way


Paul

Quote from: Sprintex on April 11, 2014, 07:11:34 AM
According to the Admin on another SMF-powered forum I'm on there's nothing we as members need to worry about anyway, it's only the server-side that can be infiltrated in this way

As you say ' its only the server-side' but, the problem is its mainly companies and banks
dealing in money that virtually every one uses. Hence the 'panic' for want of a better way
to put it.
My bank has given the 'all clear' on their system but, I may change mine just in case.

Roger

I have to say this is such a good wheeze to prompt the world and its wife to all panic and change passwords.
Now if you were a government agency, just think what fun you can have sniffing up all those password changes flying around the net.   

Quote from: Sprintex on April 11, 2014, 07:11:34 AM
According to the Admin on another SMF-powered forum I'm on there's nothing we as members need to worry about anyway, it's only the server-side that can be infiltrated in this way


Paul

This information is wrong.

There are multiple vulnerable pieces of client software including some VPN clients. For once however if you are running Windows you are almost certainly all fine.

It also only involves encrypted connections. This forum doesn't use one so anyone can already steal all your connection data, pretend to be you, and generally be irritating - but I doubt it's worth the effort!