Heartbleed - Change your passwords

Discussion in 'Computers and The Internet' started by RainyDayHype, Apr 9, 2014.

  1. RainyDayHype

    RainyDayHype flower power Lifetime Supporter

    Messages:
    7,565
    Likes Received:
    1,150
  2. ginalee14

    ginalee14 eternity

    Messages:
    2,865
    Likes Received:
    275
    I saw that on Facebook yesterday. I also saw how Facebook has changed again. Hmm.

    I got into a habit of purposely making my passwords something I won't remember. It's so easy to change a password so there's no need for me to remember them anymore. I just change them.
     
  3. Irminsul

    Irminsul Valkyrie

    Messages:
    58
    Likes Received:
    150
    I'd really hate for someone to log in to my HF account and start posting things that make sense. O.O
     
    1 person likes this.
  4. lunarverse

    lunarverse The Living End

    Messages:
    13,341
    Likes Received:
    42
    Someone might assume my internet identity and..!

    Oh, right... My life will carry on just fine.
     
  5. -Yggdrasil-

    -Yggdrasil- Einherjar

    Messages:
    964
    Likes Received:
    103
    They've got big shoes to fill dudes. ;)
     
  6. Irminsul

    Irminsul Valkyrie

    Messages:
    58
    Likes Received:
    150
    -.- quiet you.
     
  7. lunarverse

    lunarverse The Living End

    Messages:
    13,341
    Likes Received:
    42
    Irm, if you ever start making sense I'll instinctively assume an imposter is present. :D
     
  8. Irminsul

    Irminsul Valkyrie

    Messages:
    58
    Likes Received:
    150
    Or that I've finally managed to get a few days into my weekly tolerance breaks and I'm stone sober. =0
     
  9. lunarverse

    lunarverse The Living End

    Messages:
    13,341
    Likes Received:
    42
    I don't wish sobriety on anyone.
     
  10. lode

    lode Banned

    Messages:
    21,697
    Likes Received:
    1,677
    The hipforums login page is not over SSL to begin with. So you're not affected by this here because anyone can see the key exchange in plain text.
     
  11. RandomVegan

    RandomVegan Member

    Messages:
    342
    Likes Received:
    13
    For anyone who has ever made an online purchase this is significant though, and online banking.

    The problem with immediately changing your password is, if the site where you change it has not upgraded to the new version of SSL, it can be stolen again.
     
  12. Vanilla Gorilla

    Vanilla Gorilla Go Ape

    Messages:
    30,289
    Likes Received:
    8,575
    1. I really wish people here would stop sourcing from The Wire

    2. It's only an OpenSSL bug

    3. Only really for dictionary word (lame) passwords, and the chances of getting that whole then being able to decrypt it in the 64kbs pinched is like winning the lottery. No one's going to run a server farm just to be able to hack into lame comments made on snoop etc
     
  13. NoxiousGas

    NoxiousGas Old Fart

    Messages:
    8,382
    Likes Received:
    2,388
    Don't be so naive, VG.
    We all know the NSA collects, reads & listens to EVERY SINGLE e-mail, text, tweet, instagram, phone convo, and every forum post in the ENTIRE world, don't sound like it would be too hard.
    :rolleyes:
     
  14. lode

    lode Banned

    Messages:
    21,697
    Likes Received:
    1,677
    On points two and three...

    My site, my company's site, and about 60% of the internet use OpenSSL for SSL/TLS. It's the thing which enables private end-to-end communication. It's a big deal because of the information which could be leaked, and the ease of the attack. Yahoo uses it. Canada canceled tax processing.

    It is not just for dictionary words, example below. Not only is it *not* just for passwords, passwords aren't nearly as dangerous of a target as private keys. There is absolutely no 64 kb limitation in this attack, 64 kb is random memory of OpenSSL that's exploited per crafted packet. But with private keys, all information transmitted since the certificate was issued would be vulnerable. The only protection against this in the past would be the extremely small percentage of companies which use elliptic curve Diffie-Hellman to hash sessions, perfect forward secrecy. With this only a single session would be vulnerable.

    https://twitter.com/markloman/status/453502888447586304/photo/1
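
Added example, not part of the thread or any poster's code: the per-message memory disclosure described in post 14 comes from trusting the 16-bit payload length a heartbeat message claims for itself. This C code (hypothetical function names, constructed sample messages, message layout per RFC 6520) computes how far such a claim reaches past the bytes actually received, and shows an echo routine with the bounds check in place.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Heartbeat message (RFC 6520):
 * type (1) | payload_length (2, big-endian) | payload | padding (>= 16) */
enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HEADER = 3, HB_MIN_PAD = 16 };

/* Constructed samples, not captured traffic: 4-byte payload + 16 zero padding bytes. */
static const uint8_t HB_HONEST[23]    = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
static const uint8_t HB_OVERCLAIM[23] = { HB_REQUEST, 0xFF, 0xFF, 'p', 'i', 'n', 'g' };

/* Payload length the sender claims; a 16-bit field, so at most 65535. */
static size_t hb_claimed_len(const uint8_t *msg) {
    return ((size_t)msg[1] << 8) | msg[2];
}

/* Bytes beyond the received message that an echo trusting the claimed
 * length would copy out of adjacent memory. 0 means the claim fits. */
size_t hb_overread(const uint8_t *msg, size_t msg_len) {
    if (msg_len < HB_HEADER) return 0;
    size_t end = HB_HEADER + hb_claimed_len(msg);
    return end > msg_len ? end - msg_len : 0;
}

/* Hardened echo: answer only when header + claimed payload + minimum
 * padding fit in the bytes actually received; otherwise discard silently,
 * as RFC 6520 requires. Returns the response length, or 0 if discarded. */
size_t hb_build_response(const uint8_t *msg, size_t msg_len,
                         uint8_t *out, size_t out_cap) {
    if (msg_len < HB_HEADER + HB_MIN_PAD || msg[0] != HB_REQUEST) return 0;
    size_t claimed = hb_claimed_len(msg);
    size_t need = HB_HEADER + claimed + HB_MIN_PAD;
    if (need > msg_len || need > out_cap) return 0;   /* the bounds check */
    memcpy(out, msg, HB_HEADER + claimed);            /* header + payload echoed back */
    out[0] = HB_RESPONSE;
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD); /* real stacks use random padding */
    return need;
}

int main(void) {
    uint8_t out[64];
    printf("honest:    overread=%zu response=%zu\n", hb_overread(HB_HONEST, sizeof HB_HONEST),
           hb_build_response(HB_HONEST, sizeof HB_HONEST, out, sizeof out));
    printf("overclaim: overread=%zu response=%zu\n", hb_overread(HB_OVERCLAIM, sizeof HB_OVERCLAIM),
           hb_build_response(HB_OVERCLAIM, sizeof HB_OVERCLAIM, out, sizeof out));
    return 0;
}
```

The same length comparison works as a detection rule on recorded traffic: a heartbeat request whose claimed payload length does not fit inside its own record is never legitimate.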
     
  15. lode

    lode Banned

    Messages:
    21,697
    Likes Received:
    1,677
    To put things in perspective, the NSA data retention capacity can be estimated at around 15 exabytes (10^18) at a large data-center in Utah. Less than Google, and in 2014 it's safe to assume there will be over 150 exabytes transferred over the internet. One could safely say that the NSA does not store all of this data.

    They wouldn't have to either, a very large percentage of this is digital streaming, making up 40% of data transfer at peak times. Keeping full packet logs of YouTube and Netflix transfers wouldn't make sense. Otherwise communication could be swept through deep packet inspection, the interesting ones could be archived. Interesting things would be things which contained a number of keywords, or are several degrees of separation from foreign targets. Considering a significant percent of the internet backbone is public, including all overseas data cables... even if the ISPs weren't colluding with intelligence gathering that's a lot of data. Of course there is implicit and explicit collusion.

    I am not into conspiracies, the technical capacity for this does exist.
     
  16. AceK

    AceK Scientia Potentia Est

    Messages:
    7,824
    Likes Received:
    960
    I used to hack the shit out of ppls face crook accounts....dats why u never see me chillin there lol j/k
    Facelrok.com.us.xguihuihuyhuh Lol

    I'm a phisherman with my pole lol
     
  17. Fairlight

    Fairlight Banned

    Messages:
    5,915
    Likes Received:
    304
    I got an email from Macafe or whatever they're called about this heart bleed thing. I'm not very computer literate and couldn't really make sense of it. I have a Mac. Should I be concerned?
     
  18. RandomVegan

    RandomVegan Member

    Messages:
    342
    Likes Received:
    13

    To the same extent as anyone else, this is not like a virus attacking your computer but security over transmitted data and what the sites you visit do for security.
     
  19. Fairlight

    Fairlight Banned

    Messages:
    5,915
    Likes Received:
    304
    Okay thanks. I will have to get my head around it.
     
  20. AceK

    AceK Scientia Potentia Est

    Messages:
    7,824
    Likes Received:
    960
    It's supposed to be more secure than windoze....I think ur probly okay buddy :sunny:
     
