OT: Heartbleed Bug

cazzy · April 2014

I haven't seen this posted, so here it is. This hit my corporation hard. We're making about 400K users change their password. Basically, this is a security vulnerability that has affected most sites that use SSL encryption. Yahoo, gmail etc. Most banks are saying they're unaffected, but I still changed my password. Keep in mind, unless the site has implemented the fixed version of OpenSSL, there is no point in changing your password.

http://www.cnet.com/news/heartbleed-bug-undoes-web-encryption-reveals-user-passwords/

@nolaegghead @DMW Has this hit you guys at all?

cazzy · April 2014

This shows some of the popular websites that may or may not have been affected:

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

nolaegghead · April 2014

Our servers don't have this problem because our openSSL installs are versions 0.9.x, before the heartbeat feature was implemented.

I'm being very careful what I login to.

DMW · April 2014

Our security team has started publishing responses. The product lines I represent are not impacted, those using OpenSSL were prior versions not impacted.

JohnInCarolina · April 2014

I'm just thankful this is an internet-thing and not some kind of living insect. Can't imagine what it would be like to be bitten by a heartbleed bug, but it sounds awfully painful.

Eggcelsior · April 2014

Gizmodo has a nice write-up on it from a few days ago.

OT: Heartbleed Bug

Comments

Categories