I can feel your Heartbleed for the very first time... in Site Updates
- April 10, 2014, 6:33 p.m.
- |
- Public
In response to the question of whether or not I've patched up the epic Heartbleed vulnerability, why yes I have. Is it a good idea to change your password? ABSOLUTELY.
If you haven't heard much about it, allow me to sum up. Heartbleed has been an easily exploitable bug living in the internet wild for about two years. It has potentially compromised over 60% of websites that use SSL (i.e. pages sent securely via https). It is impossible to know if or how long it's been exploited. The discovery was only made public this week.
In other words, it's not a bad idea to change ALL of your internet passwords (this also includes email, instant messaging, VPN, etc). Ah, the false illusion of security on the internet.
Deleted user ⋅ April 10, 2014
Thank you for fixing it.
Deleted user ⋅ April 10, 2014
Thanks for jumping on that.
Jigger ⋅ April 10, 2014
So do we change all our passwords for everythings now, or wait a few days? I've been told both. Your judgement, I'd trust.
simple mind Jigger ⋅ April 10, 2014
It depends on whether any given website is still vulnerable or not. Also, a lot of sites will be reissuing and revoking SSL certificates and that could take time - so it's pretty subjective on what "vulnerable" could mean. Arguably you could change any passwords now, and do it again later if the website makes some official announcement that they've plugged any leaks.
Jigger simple mind ⋅ April 10, 2014
Okay, thanks for that...and I think it's cute that you think I can think of a memorable batch of new passwords twice. Do you not KNOW how often I hit my head?
simple mind Jigger ⋅ April 10, 2014
http://xkcd.com/936/
Jigger simple mind ⋅ April 10, 2014
Aw, now I gotta come up with four words, EACH? Crap.
;)
simple mind Jigger ⋅ April 10, 2014
correct jigger laparoscopic astronaut
(my apologies if you've already changed your Prosebox password to this and it's now compromised)
Jigger simple mind ⋅ April 10, 2014
DAMMIT.
Deleted user ⋅ April 10, 2014
^ what Jigger said.
ConnieK ⋅ April 10, 2014
It's not sentimental attachment for me as much as it is recalling things to my aging brain cells...but change them all, I did! :)
banker chick ⋅ April 10, 2014
Ugh and I just changed all my passwords too. Now I'll have to come up with new ones? :)
Krud ⋅ April 10, 2014
This might explain why my wife's debit card keeps getting hacked.
Krud ⋅ April 10, 2014
Also, I hope other sites will give a heads up when they're patched.
Teflon Superhero ⋅ April 10, 2014
Ha! I heard someone's was 1-2-3-4....is that not the stupidest thing you've ever heard in your life?? that's the kind of thing an idiot would put on their luggage! xD...
uh, you don't think luggage has been compromised, do you?...
simple mind Teflon Superhero ⋅ April 10, 2014
Reminds me of Dumb and Dumber...
Teflon Superhero simple mind ⋅ April 10, 2014
http://youtu.be/a6iW-8xPw3k
Now I have a Dumb and Dumber and Spaceballs mashup going on xD
simple mind Teflon Superhero ⋅ April 10, 2014
Oh yeah, Space balls! I knew your comment was directly from a movie but for some reason I landed on another movie.
NeonLady simple mind ⋅ April 10, 2014
Hahaha!
Deleted user ⋅ April 10, 2014
Joke's on them, I spell "password1234" with an e on the end!
^H ⋅ April 11, 2014
I told my wife to wait until next week to go ahead and update passwords just to make sure the sites had updated. "So I should tell my mother to stop using the Internet, right?" Yes, dear, that'd be a good thing for everyone.....
Ophidia ⋅ April 11, 2014
Thank you, proseBoss. May I ask when it was fixed here? I changed my password here yesterday morning (US Pacific time), hopefully that was after it had been patched?
Loki ⋅ April 13, 2014
The Tranquil Loon ⋅ April 16, 2014
love the video
Deleted user ⋅ April 16, 2014
Hi - I just wondered if there was ever going to be a 'friends only' option or private? Or if there already is? As I can't seem to find it! T.I.A :)
H. Majesty T. Mudfish Queen ⋅ April 17, 2014
oh shit. now I'm gonna worry my ass off.