Everybody should read this..very important!!

BC1969

Banned
Sep 4, 2013
5,827
10,449
Somewhere directly above the center of the Earth.
Primary Interest:
Other
Y'all know I keep on top of security issues, both digitally and physically and well if you do Anything online this most likely affects you!, read it twice!! Let it sink in as to how critical this is to your safety in many ways..just use your favorite search engine for ( heartbleed )

Mike

'Heartbleed' threat puts passwords, credit cards and other data at risk

Published April 08, 2014
Associated Press

Passwords, credit cards and other sensitive data are at risk after security researchers discovered a problem with an encryption technology used to securely transmit email, e-commerce transactions, social networking posts and other Web traffic.

Security researchers say the threat, known as Heartbleed, is serious, partly because it remained undiscovered for more two years. Attackers can exploit the vulnerability without leaving any trace, so anything sent during that time has potentially been compromised. It's not known, though, whether anyone has actually used it to conduct an attack.

Researchers are advising people to change all of their passwords.

The flaw was discovered independently in recent days by researchers at Google Inc. and the Finnish security firm Codenomicon.

The breach involves SSL/TLS, an encryption technology marked by the small, closed padlock and "https:" on Web browsers to signify that traffic is secure. With the Heartbleed flaw, traffic was subject to snooping even if the padlock had been closed.

The problem affects only the variant of SSL/TLS known as OpenSSL, but that happens to be one of the most common on the Internet.

Researchers at Codenomicon say that OpenSSL is used by two of the most widely used Web server software, Apache and nginx. That means many websites potentially have this security flaw. OpenSSL is also used to secure email, chats and virtual private networks, which are used by employees to connect securely with corporate networks.

Despite the worries, Codenomicon said many large consumer sites don't have the problem because of their "conservative choice" of equipment and software. "Ironically smaller and more progressive services or those who have upgraded to (the) latest and best encryption will be affected most," the security firm added.

A fix came out Monday, but affected websites and service providers must install the update.

Yahoo's Tumblr blogging service uses OpenSSL. In a blog post Tuesday, officials at the service said they had no evidence of any breach and had immediately implemented the fix.

"But this still means that the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit," Tumblr's blog post read. "This might be a good day to call in sick and take some time to change your passwords everywhere — especially your high-security services like email, file storage, and banking, which may have been compromised by this bug."

Yahoo Inc. said its other services, including email, Flickr and search, also have the vulnerability. The company said some of the systems have already been fixed, while work is being done on the rest of Yahoo's websites.

The company reiterated its standard recommendation for people to change passwords regularly and to add a backup mobile number to the account. That number can be used to verify a user's identity if there are problems accessing the account because of hacking.



For the tech savvy, business owners, site admins.
Heartbleed Bug
 

OP
OP
BC1969

BC1969

Banned
Sep 4, 2013
5,827
10,449
Somewhere directly above the center of the Earth.
Primary Interest:
Other
Web security/antivirus..are just made up words so people will FEEL safe..but this issue is with servers, such as your bank, this is not something a home user can fix, the gist of it is change all of your passwords/pins..
On the other issue of PC based net security..is does not exist!..many people tell me that their ( insert fancy security suite here) will protect their PC's from hackers, not that I want to make my customers worry, but really, if sponsored hackers can break into and take a nuclear power plants reactors offline...they can get in your PC..

Mike
 

Treasure_Hunter

Administrator
Staff member
Jul 27, 2006
48,252
54,327
Florida
Detector(s) used
Minelab_Equinox_ 800 Minelab_CTX-3030 Minelab_Excal_1000 Minelab_Sovereign_GT Minelab_Safari Minelab_ETrac Whites_Beach_Hunter_ID Fisher_1235_X
Primary Interest:
All Treasure Hunting
It is like lighting if it wants in bad enough it will get in...

We install a lot of firewalls for customers, they will keep out 98% of the hackers.

My bank accounts are insured against theft. Had my CC numbers skimmed at a gas station in Dec 2010, they ran up $3k in 4 hours at 4 different Walmarts. I got all my money back within 36 hours...






American by birth, Patriot by choice.

I would rather die standing on my two feet defending our Constitution than live a lifetime on my knees......
 

Chadeaux

Gold Member
Sep 13, 2011
5,512
6,408
Southeast Arkansas
Detector(s) used
Ace 250
Primary Interest:
Cache Hunting
there are still laws and other areas where they will eventually get caught.

Misplaced faith in a broken and corrupt system.

IF (and it's a BIG IF) they get caught, it is as likely that they will be put to work by the arresting agency as the possibility of their being prosecuted.

Don't trust anyone under 120!
 

Last edited:

texasred777

Bronze Member
Nov 21, 2013
1,729
1,461
Mountain Home, Idaho
Detector(s) used
BH Lone Star, BH Tracker IV, BH Tracker 2-D/707, Harbor Freight MD-3005, and 2 BH 840
Primary Interest:
Metal Detecting
These things are why I don't do 'Facebook', 'Twitter', 'Photobucket', etc. I had some pictures of my dog on Photobucket and few years ago, and saw one of the pictures somewhere (don't remember where now) being used for something. I went in and deleted all the pictures immediately. I do almost all of my banking and bill paying online; but I also watch very carefully the results when I make a payment or anything in the way of banking. My bank account gets checked almost every day and sometimes several times if I'm using my debit card when making purchases. Most of what I buy online is paid for through PayPal. I don't worry too much about being hacked. I very seldom have enough money for anybody to want!!! I did have my debit card cancelled and replaced by the bank a few weeks ago because someone tried to charge $1.99 to it. I saw it when I went online to check my account; but couldn't call the bank because it was early a.m. About 8:30 a.m., the phone rang. It was the security company that the bank employs to watch for such things. They asked me if I had made a purchase for that amount. I told them that I had not and had seen the charge on my account. The lady told me that most of the time the thieves would make a couple of small charges and if the charges were not contested, then they would make a couple of large purchases. So they cancelled my card and issued another. Gee, I had to actually write checks for about 5 days! They also told me that if my account was charged and wasn't caught immediately, that I had (I believe) 72 hours to contest the charge. I do change my password for my banking every few months.
 

Top Member Reactions

Users who are viewing this thread

Latest Discussions

Top