
DRAGONMOUNT

A WHEEL OF TIME COMMUNITY

Beware the Heartbleed Bug


Elgee


To quote Barmy:

 

Some of you may have started seeing comments about the Heartbleed bug that is causing major security issues on the Internet. It is every bit as bad as it sounds, and I recommend people reading up on it to see if you are affected elsewhere. The relevant bit though is that Dragonmount is not affected, so if any of your members are wondering you can let them know.

 

 

 

To which I asked:

This isn't some April Fool's joke, is it?

 

I must just ask what's the point of changing your passwords - won't they just keep hacking all the new passwords you choose?

 

 

Barm's explanation:

No, it isn't some kind of April Fools' joke, it is entirely serious and probably the biggest, most critical and widespread bug to hit the Internet in a long while. I read a quote from a very well respected security analyst yesterday saying that on a scale of 1-10 he rated this bug as an 11. You ABSOLUTELY should be proactive about protecting yourself from this bug. Today's XKCD comic does an amazing job at explaining how the bug works.

 

The reasons you should change your password:

 

In the case of this bug anybody who has fixed their security is no longer vulnerable and changing your password will protect you again. If a service you use was vulnerable to that bug then you should assume that the password you use with them is compromised. This is particularly a problem if you use that password everywhere. FYI - Yahoo, Google and Facebook were vulnerable to this hack, so you should update your password at all three sites.

 

In the case of passwords in general: You should update at least your important ones (email, bank, etc) on a regular basis specifically because hackers could keep hacking them. Now you don't need to do this every day, but at least once every 3-6 months.

 

You should also use a different password with every service so that in the case that one is compromised the hackers cannot use it to get access to your other accounts. Human memory can only store so many passwords though, so I highly recommend that everyone get a password manager service like 1Password or LastPass (I have used both, both are fantastic, currently I use LastPass) to store your passwords, then you only have one password you need to remember on a regular basis, and that is the one to access the password manager.

 

You should also use features like 2-factor authentication where it is available. Google uses it, Twitter uses a form of it, Hotmail / Outlook mail / whatever else it is called uses it. Facebook also uses it, and so does LastPass. 2-factor authentication basically sends a short code to your mobile phone that you have to enter into the field provided by the service right after you enter your password in order to ensure that it is you getting on the service instead of a stranger.

 

Will a hacker be able to crack your password? Maybe. The technical capability and the motivated people ARE out there, the question is not can they crack your password but will you be the target of their attacks. The point of all this is to protect yourself, to a) reduce the chances that a hacker can break into your accounts and b) to reduce the damage they can do to your life if they do manage to get into one of your accounts.

 

Any other questions? I'm happy to answer them, I want to make sure that everyone is aware of how bad this is and what you can do to protect yourselves.

 

 

To check if sites you frequent are vulnerable or infected, you can use:

 

pass checklist for top 100 sites: http://www.cnet.com/...heartbleed-bug/

 

or

 

http://mashable.com/...sites-affected/


Some more info that I've been sharing with people:

 

A password manager that you should use (and I do use, it is very good and I highly recommend):
https://lastpass.com/ (I pay the 12 dollars a year to get it on my phone and tablet too)

 

Three sites that are useful for checking if you should change your password on a site:

https://lastpass.com/heartbleed/ (this one will tell you if the site is currently vulnerable or was never vulnerable, but won't know as well if it was vulnerable and has maybe been patched)

 

The next two sites are lists of popular sites and whether you should change your password:

http://www.cnet.com/news/which-sites-have-patched-the-heartbleed-bug/

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

 

Here's a short Q&A on the bug:

http://mashable.com/2014/04/09/heartbleed-questions-answered/

 

And the simplest explanation out there of what the bug actually does:
http://xkcd.com/1354/


Oh, and from other sites I have looked into for saving your passwords, 12 bucks a year is a STEAL to have access on your phone for it as well! AND they have a LOT for free if you don't want to/cannot currently pay. I'm highly considering upgrading so that my wife can have it (she likes to use eBay, Amazon, Gmail, Pinterest, all of which are either vulnerable, OR need a new password anyways (she has had the same one for at least a year)).

 

This type of program might help a lot of people to keep the best practices in password management, without having to constantly memorize 90 different passwords. lol, I'm lucky if I remember my login username *cough DM Cough*! :)


Archived

This topic is now archived and is closed to further replies.
