Worried about Heartbleed?

[wrdwrght]

Buying knives (not to mention other business transactions) on the Net has become more than worrisome with the announcement of the Heartbleed vulnerability.

Using a Heartbleed checker, I have found that Cutlery Shoppe and Knifeworks are not and have not been vulnerable to Heartbleed. Among other knife dealers I've bought knives from, Howes Knife Shop, New Graham Knives, Grand Prairie Knives and Blade HQ are possibly vulnerable...

Care to add what seems safe and unsafe?

[phillipsted]

THE LIST - as of noon 11 APR:

Change these passwords now (they were patched)

Google, YouTube and Gmail
Facebook
Yahoo, Yahoo Mail, Tumblr, Flickr
OKCupid
Wikipedia

Don't worry about these (they don't use the affected software, or ran a different version)

Amazon
AOL and Mapquest
Bank of America
Capital One bank
Charles Schwab
Chase bank
Citibank
E*Trade
Fidelity
HSBC bank
LinkedIn
Microsoft, Hotmail and Outlook
PayPal
PNC bank
Scottrade
TD Ameritrade
Twitter
U.S. Bank
Vanguard
Wells Fargo

Don't change these passwords yet (still unclear, no response)

American Express
Apple, iCloud and iTunes
Healthcare.gov

[wrdwrght]

Thanks, Ted. Nice to see that most of my financial concerns are in the "Don't worry about these" column.

[JNewell]

THE LIST - as of noon 11 APR:


Don't change these passwords yet (still unclear, no response)

American Express
Apple, iCloud and iTunes
Healthcare.gov

Apple has confirmed that the Applesphere was never affected by the vulnerability.

[paladin]

Thanks Ted...nice to have a friend "in the know."

[Strong-Dog]

Excuse my ignorance, but can someone explain this whole thing to me?

[LC Kid]

^^^ Here:

http://heartbleed.com/


A lot of experts had said this would be in a scale from 0 to 10, a solid +11 vulnerability. :eek:

[Strong-Dog]

^^^ Here:

http://heartbleed.com/


A lot of experts had said this would be in a scale from 0 to 10, a solid +11 vulnerability. :eek:

Thanks, changed all of my google related passwords. I'm assuming eBay is ok, since Paypal is? I would also like to know which dealers are affected, as I just ordered from Howes, GPKnives, and maybe some others I can't think of

[paladin]

Thanks, changed all of my google related passwords. I'm assuming eBay is ok, since Paypal is? I would also like to know which dealers are affected, as I just ordered from Howes, GPKnives, and maybe some others I can't think of

Check wrdwrght's initial post

[Strong-Dog]

Check wrdwrght's initial post

I know he said they're possible vulnerable, I was wondering if anyone knows for sure

[JNewell]

The issue is not who's vulnerable today - this vulnerability has existed for something like a year or two. So I would think that most of the damage has already been done...?

[D1omedes]

The issue is not who's vulnerable today - this vulnerability has existed for something like a year or two. So I would think that most of the damage has already been done...?

That's definitely a good point. There's rumblings that the federal government may have known of the exploit and kept it quiet so they could continue to have far-reaching access to important information. I'm not sure if that's true or not. But once this exploit hit the web, I'm sure every hacker saw an opportunity to test the waters.

I'm a firm believer in LastPass and went through all of my financial-related websites and changed my passwords. Caution is better than negligence.

[JBE]

A good rule of thumb, regardless of vulnerability, is to change the passwords to your important accounts on a regular basis and NEVER use the same password for all of your accounts. Have separate passwords for email, banking, online retailers, social websites, etc. That way if someone manages to grab, for example, your Facebook password then they also won't have immediate access to your banking info.

[kbuzbee]

The more I learn, the more I HATE computer based civilization.

(Thanks for the heads up, fellas!)

Ken

[wrdwrght]

The more I learn, the more I HATE computer based civilization.

I hear you, Ken, but I'm not so sure we wouldn't screw ourselves over as some other kind of civilization...

Looking for some comfort in the Heartbleed wilderness? How about this one.

[kbuzbee]

I'm a firm believer in LastPass and went through all of my financial-related websites and changed my passwords. Caution is better than negligence.

Looked it over. Discovered that I'm not smart enough to use LastPass It says there is some kind of plugin needed but not where that plugin might be found. I guess it's a secret

I hear you, Ken, but I'm not so sure we wouldn't screw ourselves over as some other kind of civilization...

No doubt about that.

Looking for some comfort in the Heartbleed wilderness? How about this one.

Good to know but there's always the next disaster if this one doesn't get you.

Ken

[The Deacon]

The more I learn, the more I HATE computer based civilization.

(Thanks for the heads up, fellas!)

Ken

True Ken, and even if you don't own a computer they can still get you. The Experian data breach has potentially exposed pretty much everyone in the USA who has, or has ever had, credit of any kind in their own name, some TWO HUNDRED MILLION people in all, to identity theft.

[JNewell]

One thing that I read this week that interested me was that medical data is much more valuable than financial data. It can be used to generate false insurance claims and false prescriptions. I assume that the processes in place to monitor fraud in these areas must be less sophisticated than those run by banks and some other financial institutions.

[wrdwrght]

One thing that I read this week that interested me was that medical data is much more valuable than financial data. It can be used to generate false insurance claims and false prescriptions. I assume that the processes in place to monitor fraud in these areas must be less sophisticated than those run by banks and some other financial institutions.

I think your assumption is correct. The prospect is certainly scary.

[Pinetreebbs]

Looked it over. Discovered that I'm not smart enough to use LastPass It says there is some kind of plugin needed but not where that plugin might be found. I guess it's a secret ...

Ken, the 'plugin' is an application that works inside of your browser, more like an added feature than an application. If you visit this link, it should recognize your particular browser and display the plugin for your browser. They also have applications for Android and Apple smartphones and tablets.

I am a long time LP user. It took a little time to get used to not minding PWs, but I can't imagine not using LP to generate strong passwords and remember them for me.