Heartbleed - what you need to do NOW.


Guest Guest66881

ELEANOR HALL: Online security experts are warning today that nearly every user of the web over the last two years is exposed to a security bug sweeping the internet.

Known as Heartbleed, the bug is a serious vulnerability in a piece of encryption software which secures data on nearly two in three web servers.

It's now a race between the server administrators and hackers to either fix the software in time or come under attack.

Will Ockenden has more.

WILL OCKENDEN: As internet security bugs go, Heartbleed is a doozy.

If you've used the internet in the last two years you're likely affected.

ROBERT SICILIANO: Big websites, email servers, even retailers, small businesses that are being hosted by providers that haven't updated are vulnerable which means all their data and their customers are vulnerable as well.

WILL OCKENDEN: Robert Siciliano is an internet security consultant.

ROBERT SICILIANO: Websites that serve up the HTTPS generally means that they are secure, that your data is encrypted.

WILL OCKENDEN: The whole point of internet encryption is to keep data travelling from the server to the user secure.

Heartbleed allows an attacker to break and decrypt that data.

http://www.abc.net.au/worldtoday/content/2014/s3982491.htm

I checked all the websites that I use for this heartbleed thing (I must admit that when I saw the thread title, I thought that it was a medical condition that @PaulandDeb had discovered he was suffering from!) and it seems that my banking, emails and also amazon and paypal are unaffected by this bug.

Guest Guest66881

It said on BBC news earlier if you have used a computer or internet device in the last two years then you have probably been breached, they are asking that everyone change vital emails and passwords.

There's a website that you can use and it has a list of all the websites that have been breached by this bug. I just put my bank, PayPal, email accounts and Amazon in and they haven't been breached according to this site. It's only sites that use OpenSSL servers that are vulnerable to the Heartbleed bug apparently.

It said on BBC news earlier if you have used a computer or internet device in the last two years then you have probably been breached, they are asking that everyone change vital emails and passwords.

They are, but the media are exacerbating the issue. If you change a password now for a site that hasn't fixed the hole, you'll just be giving someone who 'might' be catching the info, the new one. Until they fix it, pointless changing it.

Also, although there is a security hole, getting that info is no mean feat. It's an odds game, and the odds are incredibly low at this point that anyone actually has it or can make sense of it if they do.

It said on BBC news earlier if you have used a computer or internet device in the last two years then you have probably been breached, they are asking that everyone change vital emails and passwords.

What sensationalist rubbish. They might as well write "if you've either used electricity, petrol or been outside your house in the last week". And change a vital email? What do you mean, send it to someone else? Make the subject line more interesting. It's a slow news day for sure...

What I need to know is that I have to wait and not do anything. If the patch has not been put in place and I change my password then it's no use. So I am leaving it up to my security people to sort out. As long as my banks are fine, who cares about Facebook, Google, all that stuff. I take it for granted that anything I put on them is up for grabs. Banks are fine, I only use PayPal, I don't use sites that take credit cards.

No need to panic. Why do we get all worried about privacy when there is none these days anyway?

I work in IT, managing largeish web servers among other things, but I'm not specifically a security expert. To the best of my knowledge...

1) OpenSSL is in use on 2/3 of the world's web servers, and the affected versions are the ones released between Dec 2011 and now (or a couple of weeks ago) so most people would have used affected sites.

2) The fix has been released, on April 7.

3) It's not known if anyone exploited the vulnerability, but it is possible.

4) Most major websites fixed this as soon as it became known. I checked our OpenSSL versions as soon as I became aware of it (we weren't affected). It's likely that a major incident was raised at the big web firms and resources deployed very quickly.

5) You can check any website you're concerned about using this https://lastpass.com/heartbleed/ - all this tells you is if the site is currently vulnerable; they could have previously been, but have fixed it now.

More info:

http://heartbleed.com/

http://lifehacker.com/what-the-heartbleed-security-bug-means-for-you-1560801201

I work in IT and know this type of thing can and does happen a lot more than anyone will own up to. The banks lose millions a year through scams on the internet but they aren't going to openly tell people this as it would lead to a crisis in confidence.

That's why I try to keep a low internet profile. Very careful about what's on the computer at home, always turn it off when it's not being used, no Facebook, Twitter, chat accounts. This is the only forum I post in. Can't be too careful, even with smartphones. How many have their Bluetooth switched on? Giving access to your phone for people in close proximity, if they know what they are doing they can get in and see what you have stored in your phone and you wouldn't even know it's happened. :cool:

Guest Guest66881
I work in IT and know this type of thing can and does happen a lot more than anyone will own up to. The banks lose millions a year through scams on the internet but they aren't going to openly tell people this as it would lead to a crisis in confidence.

That's why I try to keep a low internet profile. Very careful about what's on the computer at home, always turn it off when it's not being used, no Facebook, Twitter, chat accounts. This is the only forum I post in. Can't be too careful, even with smartphones. How many have their Bluetooth switched on? Giving access to your phone for people in close proximity, if they know what they are doing they can get in and see what you have stored in your phone and you wouldn't even know it's happened. :cool:

@Paul1Perth be careful mate you don't want to be tarred with the sensationalism brush:wink:
@Paul1Perth be careful mate you don't want to be tarred with the sensationalism brush:wink:

I'm just careful P&D. Who goes through their statements every week to check every penny? Our statement is bad enough and there is only me and the wife's incomings/outgoings. Imagine what a self-employed statement would be like. If someone had managed to set up, say, a direct debit for $5 a month and it looked legit, would you even check? If they did this to 10,000 people who didn't realise, that's a lot of money.

I think there was a film made about some scam of that type years ago (was it Trading Places?) and it might seem fictional but it could happen.

Guest Guest66881

It does happen mate, BIG TIME but some like to stick their heads in the sand and ignore the realities?
