Anyone aware of being affected?
What is the best way for an internet user to handle this?
Loads of passwords for loads of sites, hard to know which are vulnerable. I wouldn't dare dream of using internet banking until this was clearly sorted. Bit of an internet nightmare, but I suppose OpenSSL being holed under the waterline isn't the sort of thing that is easily explained in 30 seconds on the main news of the day.
Note that ecforum seems safe, good work, Carl.
Heartbleed
-
- Posts: 6028
- Joined: Fri Dec 08, 2006 8:05 pm
- Location: Evesham
Re: Heartbleed
Not having SSL means we are not affected.Paul McKeown wrote:Anyone aware of being affected?
What is the best way for an internet user to handle this?
Loads of passwords for loads of sites, hard to know which are vulnerable. I wouldn't dare dream of using internet banking until this was clearly sorted. Bit of an internet nightmare, but I suppose OpenSSL being holed under the waterline isn't the sort of thing that is easily explained in 30 seconds on the main news of the day.
Note that ecforum seems safe, good work, Carl.
I would suggest resetting passwords on other major sites however especially if you never reset passwords or worse still use the same password in lots of places.
Cheers
Carl Hibbard
Carl Hibbard
Re: Heartbleed
It was suggested last night that changing passwords on Google, Yahoo, etc. would be OK since the major sites will have fixed the 'bug'.
Smaller sites may take more time and so waiting a few days was recommended - as it is not a good idea to change passwords until the 'bug' has been fixed at those sites.
It has been said that domain names can be checked (to see if they have resolved the problem) at -
http://www.ssllabs.com
However, it was not obvious to me how to be sure it had been resolved when I tried a few names there.
Smaller sites may take more time and so waiting a few days was recommended - as it is not a good idea to change passwords until the 'bug' has been fixed at those sites.
It has been said that domain names can be checked (to see if they have resolved the problem) at -
http://www.ssllabs.com
However, it was not obvious to me how to be sure it had been resolved when I tried a few names there.