SUBSIM Radio Room Forums


CCIP 04-09-14 06:59 PM

Don't forget to change your passwords!
 
I know some of you are probably tired of hearing this today, but for the benefit of those who may be out of the loop:

http://www.bbc.com/news/technology-26954540

Basically, a serious exploit called Heartbleed has been discovered in the OpenSSL (Secure Socket Layer), a protocol that is commonly used for transmitting sensitive data online. Many services, especially those where money or private information might be stored, have suggested changing your passwords - Canada's tax agency even shut their sites for the moment to ensure no data leaks. So, better safe than sorry! Good excuse to do a routine password change anyway, which is nice to do every once in a while.

Lionclaw 04-10-14 01:49 AM

Thanks, first time I've heard about it. :)

It's going to take time to change every password. :doh:

Jimbuna 04-10-14 05:00 AM

Potentially very worrying.

banryu79 04-10-14 05:41 AM

Potentially the worst bug in the entire history of the world wide web :D

If you want the details:
http://heartbleed.com/
(this web page was made by the guys of Codenomicon)

Btw, it is better to wait for the release of a patched implementation, otherwise changing your password is perfectly useless...
And for password management I strongly recommend the use of a dedicated software (a password manager) like KeePass ;)
Besides remembering your password it has a very useful password generator tool so you can generate strong passwords.

Skybird 04-10-14 05:54 AM

Worst security event ever in the internet's history so far.

Currently, changing passwords does nothing if they have not previously changed their SSL software and certificates; your new passwords would be corrupted too, then.

There is a list somewhere of sites that showed which ones were safe or not safe yesterday, around noon time. Maybe it gets updated. For administrators and server operators there also are one or two sites where you could let your servers check.

It's pretty bad, exceeding the scale. Be advised that changing passwords does nothing if they have not updated their SSL software and certificates before. You want to be certain they did, before dwelling in the illusion of being safe again just because you changed those codes of yours.

It's funny somehow how little note the world has taken, shows how little common people understand about the web, and how exposed they are to their ignorance' inherent dangers. If in California the Big One would have flattened LA, people would have taken note, wouldn't they?

Skybird 04-10-14 05:55 AM

Ah, banryu was a bit faster than me... :)

Catfish 04-10-14 06:04 AM

The "new" Internet is the old ARPANET.
Certificates are of no use if the NSA can publish those itself, or just intercept or read out those from any personal PC.

So if you want any security against breaches or eavesdropping, we need another net, and other protocols.

Up to then all you do is already compromised.

Skybird 04-10-14 06:54 AM

Windows Cloud, anyone!? :ping:

The bugs are now placed in the OS itself. No firewall and virus scanner can get them there. He who thinks he is safe when using an antivirus or firewall, lives on the moon.

I personally am convinced that they already have started to sink bugs into the hardware, into ROMs and BIOS. They would be incompetent if they had not done so by now.

Don't trust chips made by somebody else. Only trust chips you made yourself. :shucks:

Skybird 04-10-14 07:37 AM

This is the list I mentioned.

https://github.com/musalbas/heartble...r/top10000.txt

Note that it was valid Wednesday.

Also note, since there are many gamers here, amongst the sites still vulnerable yesterday, was Steam.

Also note this: risks remain even after servers have been patched and passwords have been changed, because criminals could use the old exploit to decipher old data traffic that they have collected before. You may want to think about whether or not you are at risk from that direction.

Nippelspanner 04-10-14 08:03 AM

I start to hate the internet...

Skybird 04-10-14 08:08 AM

At the time of writing this, the subsim.com website IS NOT affected:

STEED 04-10-14 08:22 AM

The Internet is safe and your stuff is secure and safe trust the Internet. :har:

I trust the Internet about as much as I trust a politician...ZERO.

banryu79 04-10-14 10:34 AM

Steam or subsim... seriously I'm a bit more worried about my online bank account, you know! :haha:

Skybird 04-10-14 11:04 AM

It could very well be that it is no criminal gangsters behind this, or an unintended error during programming of source code, but that intelligence agencies, namely the NSA, are behind this, in an effort to generally weaken security standards in the web and install backdoors that are hidden as "criminal" attacks or "software bugs" to allow what is called "plausible denial". That certain intelligence services are explicitly trying to overhear and control ALL the internet and enforce access to EVERY system there is, is no longer a secret by now, is it.

Wolferz 04-10-14 11:23 AM

Quote:

Originally Posted by Skybird (Post 2196071)
It could very well be that it is no criminal gangsters behind this, or an unintended error during programming of source code, but that intelligence agencies, namely the NSA, are behind this, in an effort to generally weaken security standards in the web and install backdoors that are hidden as "criminal" attacks or "software bugs" to allow what is called "plausible denial". That certain intelligence services are explicitly trying to overhear and control ALL the internet and enforce access to EVERY system there is, is no longer a secret by now, is it.

It's the side benefit that DARPA had planned from the get go. Easy access for intelligence gathering and information control purposes.
Orwell was only off by what, thirty years?:shifty:


All times are GMT -5.