Heartbleed!

[Bsuds]

If you are concerned about Internet safety and your password vulnerability (and you should be).

I suggest you have a look at a program (free) for your passwords. Lastpass, it will also test your vulnerability on the sites you have passwords for. It will generate and remember passwords for you and you only have to remember the one for Lastpass.
There are other similar programs out there and it is a good idea to use one of them.

Check it out.

BTW for your info as well it appears that most Canadian Banks are not vulnerable to this Heartbleed vulnerability.

https://lastpass.com/

[Fancy]

Thanks for the tip.

[Woodenhead]

I've been using LastPass for years now, and I can't recommend it enough.

[alfred2]

*removed* [He] is right *removed*

[zzontar]

The internet was designed to be a Trojan horse and thus will never be secure.

[Lore]

Hacker has been charged.

http://globalnews.ca/news/1274997/hacke ... ed-breach/

[Troy]

I'm very curious to know how they managed to find him. From what we were all told, there was supposedly no way of knowing if a server's data was compromised using the Heartbleed bug.
http://www.castanet.net/news/Canada/113 ... en-charged

[zzontar]

This is horrible:

He faces one count of “Unauthorized Use of Computer” and one count of mischief.

I'll bet he'll have to take in his pop bottles to pay the fine. These *bleep* can cause great anguish to many people as well the financial costs associated with viruses. Somehow if you're a straight A student, screwing with people's lives is okay. The laws have to be changed and someone has to be made an example of do discourage future hackers. This goof should spend at least 10 years behind bars, based on the number of people affected. Multiple offenses increase the penalty for lesser crimes, why it's different if you're computer-smart is beyond me.

[StraitTalk]

I'm very curious to know how they managed to find him. From what we were all told, there was supposedly no way of knowing if a server's data was compromised using the Heartbleed bug.
http://www.castanet.net/news/Canada/113 ... en-charged

We'll probably never know.

[LordEd]

I'm very curious to know how they managed to find him. From what we were all told, there was supposedly no way of knowing if a server's data was compromised using the Heartbleed bug.
http://www.castanet.net/news/Canada/113 ... en-charged

All complete theory.
1. Being government/CRA, I would guess that they would have IDS systems. Its very possible that there is a computer system logging every packet that hits their servers and kept for a period of time in case of a breech. Their site mentions "data fragments" being analyzed. Think security camera system. If a problem happens, you pull the digital tape and prevent it from being overwritten.
2. Heartbleed is a bug that takes advantage of a buffer overrun that allows random 64K of data to be extracted from RAM. I don't know the normal packet size, but lets assume that its normally small. A 'heartbeat' packet of unusual size could potentially be detected.
3. If #2 is not technically feasible, then comparing https IP traffic against https service usage could reveal system hitting the system without legitimate use (such as logging in).

[Woodenhead]

Or he bragged about it on Facebook!

[Woodenhead]

Also (as if this is a surprise to most of us) :

NSA exploited Heartbleed bug for two years to gather intelligence