If you’ve been keeping up with the news, you may have heard about the popular Heartbleed bug, which allows hackers to access a web server’s memory and pull temporary data including usernames, passwords, and credit card numbers via sites using the OpenSSL protocol. This bug came about after it was discovered that there was a very tiny piece of sloppy coding in the encryption protocol. Many sites have since patched their servers, but if you’re using any one of the following sites, it’s recommended that you change your password. Even if you use a site that was not affected, still take the time to consider the strength of your password and work on a new one if you think it’s not secure. If your password is 123456 or zxcvbnm, then maybe you should change it anyway.
The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.
Two months ago, security experts and web users panicked when a Google engineer discovered a major bug — known as Heartbleed — that put over a million web servers at risk. The bug doesn't make the news much anymore, but that doesn't mean the problem's solved. Security researcher Robert David Graham has found that at least 309,197 servers are still vulnerable to the exploit.
Seven weeks after the bug put the web on high alert, Heartbleed is still causing problems. A new report from Portuguese security researcher Luis Grangeia describes how the same bug could be used over Wi-Fi to enable new kinds of attacks that build on the same vulnerability.
This Heartbleed thing has been a major PITA, pretty annoying having to change so many passwords.
It also goes to show how vulnerable the web really is. Over 500 million sites were affected (or more), and nearly 2/3rds of the entire internet. That is just insane!
Kinda scary seeing as a culture we are relying on the net more and more on a daily basis, and more and more critical security components (like military stuff, or even power plants, water, etc.) for our countries rely so heavily on the net. And to think it all can be brought down at the drop of the hat if somebody knows the vulnerability (everything on the net has a vulnerability, nothing is 100% secure).
For the fixed sites, do I still have to change my password? I should just change my password regardless, but just asking for clarification.
I use a crappy password on sites that I hardly ever use and very strong passwords on sites I always use, GF :P
Yahoo ALWAYS changes my password anyways.... It always says my password is wrong then forces me to change it, even though it's right. Then they keep blocking my account "due to suspicious activity" because my phone is synced with Yahoo, but isn't using their stupid app.
It's nice to see Twitter is constantly on the positive side of things though. A lot more comfortable with them than I am with GovernmentSpybook.... err....Facebook.
Twenty+ digit password recently instated. Adding phone numbers as an in to a forgotten passcode... Not me!