Heartbleed!
- Bsuds
- The Wagon Master
- Posts: 55059
- Joined: Apr 21st, 2005, 10:46 am
Heartbleed!
If you are concerned about Internet safety and your password vulnerability (and you should be).
I suggest you have a look at a program (free) for your passwords. Lastpass, it will also test your vulnerability on the sites you have passwords for. It will generate and remember passwords for you and you only have to remember the one for Lastpass.
There are other similar programs out there and it is a good idea to use one of them.
Check it out.
BTW for your info as well it appears that most Canadian Banks are not vulnerable to this Heartbleed vulnerability.
https://lastpass.com/
I suggest you have a look at a program (free) for your passwords. Lastpass, it will also test your vulnerability on the sites you have passwords for. It will generate and remember passwords for you and you only have to remember the one for Lastpass.
There are other similar programs out there and it is a good idea to use one of them.
Check it out.
BTW for your info as well it appears that most Canadian Banks are not vulnerable to this Heartbleed vulnerability.
https://lastpass.com/
My Wife asked me if I knew what her favorite flower was?
Apparently "Robin Hood All Purpose" was the wrong answer!
Apparently "Robin Hood All Purpose" was the wrong answer!
- Fancy
- Insanely Prolific
- Posts: 72223
- Joined: Apr 15th, 2006, 6:23 pm
Re: Heartbleed!
Thanks for the tip.
Truths can be backed up by facts - do you have any?
Fancy this, Fancy that and by the way, T*t for Tat
Fancy this, Fancy that and by the way, T*t for Tat
- Woodenhead
- Guru
- Posts: 5190
- Joined: Jun 2nd, 2009, 2:47 pm
Re: Heartbleed!
I've been using LastPass for years now, and I can't recommend it enough.
Your bias suits you.
-
- Grand Pooh-bah
- Posts: 2005
- Joined: Jun 29th, 2013, 11:02 am
Re: Heartbleed!
*removed* [He] is right *removed*
Last edited by Merry on Apr 12th, 2014, 4:34 pm, edited 2 times in total.
Reason: Antagonistic
Reason: Antagonistic
- zzontar
- Guru
- Posts: 8868
- Joined: Oct 12th, 2006, 9:38 pm
Re: Heartbleed!
The internet was designed to be a Trojan horse and thus will never be secure.
They say you can't believe everything they say.
-
- Übergod
- Posts: 1517
- Joined: Jul 22nd, 2006, 1:41 pm
-
- Site Technical Administrator
- Posts: 1346
- Joined: Jan 28th, 2004, 4:45 pm
Re: Heartbleed!
I'm very curious to know how they managed to find him. From what we were all told, there was supposedly no way of knowing if a server's data was compromised using the Heartbleed bug.
http://www.castanet.net/news/Canada/113 ... en-charged
http://www.castanet.net/news/Canada/113 ... en-charged
- zzontar
- Guru
- Posts: 8868
- Joined: Oct 12th, 2006, 9:38 pm
Re: Heartbleed!
This is horrible:
I'll bet he'll have to take in his pop bottles to pay the fine. These *bleep* can cause great anguish to many people as well the financial costs associated with viruses. Somehow if you're a straight A student, screwing with people's lives is okay. The laws have to be changed and someone has to be made an example of do discourage future hackers. This goof should spend at least 10 years behind bars, based on the number of people affected. Multiple offenses increase the penalty for lesser crimes, why it's different if you're computer-smart is beyond me.He faces one count of “Unauthorized Use of Computer” and one count of mischief.
They say you can't believe everything they say.
- StraitTalk
- Lord of the Board
- Posts: 3702
- Joined: May 12th, 2009, 4:54 pm
Re: Heartbleed!
Troy wrote:I'm very curious to know how they managed to find him. From what we were all told, there was supposedly no way of knowing if a server's data was compromised using the Heartbleed bug.
http://www.castanet.net/news/Canada/113 ... en-charged
We'll probably never know.
-
- Guru
- Posts: 9475
- Joined: Apr 3rd, 2008, 9:22 am
Re: Heartbleed!
All complete theory.Troy wrote:I'm very curious to know how they managed to find him. From what we were all told, there was supposedly no way of knowing if a server's data was compromised using the Heartbleed bug.
http://www.castanet.net/news/Canada/113 ... en-charged
1. Being government/CRA, I would guess that they would have IDS systems. Its very possible that there is a computer system logging every packet that hits their servers and kept for a period of time in case of a breech. Their site mentions "data fragments" being analyzed. Think security camera system. If a problem happens, you pull the digital tape and prevent it from being overwritten.
2. Heartbleed is a bug that takes advantage of a buffer overrun that allows random 64K of data to be extracted from RAM. I don't know the normal packet size, but lets assume that its normally small. A 'heartbeat' packet of unusual size could potentially be detected.
3. If #2 is not technically feasible, then comparing https IP traffic against https service usage could reveal system hitting the system without legitimate use (such as logging in).
Health forum: Health, well-being, medicine, aging, digital currency enslavement, depopulation conspiracy.
If you want to discuss anything real, you're in the wrong place.
If you want to discuss anything real, you're in the wrong place.
- Woodenhead
- Guru
- Posts: 5190
- Joined: Jun 2nd, 2009, 2:47 pm
- Woodenhead
- Guru
- Posts: 5190
- Joined: Jun 2nd, 2009, 2:47 pm
Re: Heartbleed!
Also (as if this is a surprise to most of us) :
NSA exploited Heartbleed bug for two years to gather intelligence
Your bias suits you.