heartbleed-bug


Hey, guys, here’s a list of the major websites that were impacted by the Heartbleed bug and what their current status is (this was created only a few hours ago so it’s up-to-date). Thankfully, the most important site of all (meaning, the site that would really fuck you over if it was hacked into), PayPal, was never vulnerable in the first place, so if you use PayPal, your credit card and bank account information has always been safe.

Heartbleed Security Bug: 
Tumblr was among the many, many websites affected by the Heartbleed bug, a vulnerability in supposedly secure connections. Heartbleed even has its own blood-dripping logo.

Tumblr has fixed the problem and posted an urgent security update, recommending that you change your Tumblr password. Expect notices from other affected websites as they patch the problem and change passwords accordingly.

Learn more about protecting yourself from Heartbleed.

The NSA Knew Of HeartBleed Bug For Two Years And Used It To Spy On The Internet

The NSA knew about the Internet security bug Heartbleed and regularly used it to gather intelligence for at least two years, anonymous sources told Bloomberg.

If the report is true — both the White House and the NSA say it’s not — the NSA could have collected information like passwords and private communications from hundreds of thousands of websites, since Heartbleed is a bug in the popular open-source encryption software OpenSSL, used to secure data flowing from users’ computers to hundreds of thousands of websites, including Gmail and Facebook.

Almost two-thirds of all sites on the Internet use OpenSSL, according to estimates, making this bug possibly one of the most dangerous the Internet has ever seen and potentially allowing the NSA to access information on millions of users.

Matthew Prince, the CEO of security firm Cloudflare, tweeted that it’s “hard as a tech company today to not feel like we’re at war with our own government.”

Despite the outrage, this revelation doesn’t come as a complete surprise for many. Over the past few days, some have already speculated whether the NSA used Heartbleed to breach SSL, since documents leaked by Edward Snowden revealed the spy agency has been trying to breach it for years.

“It would not at all surprise me if the NSA had discovered this long before the rest of us had,” Matt Blaze, a cryptographer and computer security professor at the University of Pennsylvania, told Wired. “It’s certainly something that the NSA would find extremely useful in their arsenal.”

Watch: What Is The HeartBleed Encryption Bug

The Heartbleed Bug Master Post

Why did Tumblr give you the friendly reminder when you logged in? There has been a bug spreading over the internet as of yesterday, and it has been the worst one of them all. The Heartbleed Bug can hack accounts from all users of a site. Some that have just been hacked are Yahoo and NASA. To help you survive in one of these risky situations, #TopDoge is here to help! To be more aware, click on the links in this master post to stay safe in times like these. Stay Safe AND CHANGE YOUR PASSWORDS AS SOON AS POSSIBLE.

(SECOND UPDATE)

Heartbleed Bug: Which Passwords to Change

I work for a large organization and the IT department just sent out this notice about the Heartbleed Bug:

Websites are racing to patch the Heartbleed bug, the worst security hole the Internet has ever seen. As sites fix the bug on their end, it’s time for you to change your passwords. The Heartbleed bug allowed information leaks from a key safety feature that is supposed to keep your online communication private – email, banking, shopping, and passwords.

Don’t change all your passwords yet, though. If a company hasn’t yet updated its site, you still can’t connect safely. A new password would be compromised too.

Many companies are not informing their customers of the danger – or asking them to update their log-in credentials. So, here’s a handy password list. It’ll be updated as companies respond to CNN’s questions.

Change these passwords now (they were patched)

Google, YouTube and Gmail

Facebook

Yahoo, Yahoo Mail, Tumblr, Flickr

OKCupid

Wikipedia

Don’t worry about these (they don’t use the affected software, or ran a different version)

Amazon

AOL and Mapquest

Bank of America

Capital One bank

Charles Schwab

Chase bank

Citibank

E*Trade

Fidelity

HSBC bank

LinkedIn

Microsoft, Hotmail and Outlook

PayPal

PNC bank

Scottrade

TD Ameritrade

Twitter

U.S. Bank

Vanguard

Wells Fargo

Don’t change these passwords yet (still unclear, no response)

American Express

Apple, iCloud and iTunes

Healthcare.gov

So Instagram’s having its downtime at this moment and I have this feeling that it’s related to the OpenSSL controversy or the so-called Heartbleed bug. I am fond of reading articles; thanks to that habit, I am well-informed, and I read the news about this encryption flaw. I’ve been reading articles concerning this for almost 3 nights now and I thought it was just a threat until tonight, when some bloggers posted their reactions about Instagram’s misbehavior, and I was cringing in horror because it’s true.

There’s no article/statement published yet telling what’s happening with IG now and I can’t wait to read ‘em. I’m panicking! Ohmygod! What if the exploiters target Tumblr next? Twitter? Facebook? YouTube? Especially Yahoo, which serves as an interconnection of every social networking site we have? And other OpenSSL-based sites? Ugh, let’s pray for it not to happen. So yeah, while waiting for further news, I think we should all read this and be aware of what’s happening. Please be guided accordingly! It’s for everyone’s safety.

Click and read this article.

Who wrote the OpenSSL code and who audited it?

Who wrote the OpenSSL code, causing the “Heartbleed Bug”?

It seems that a person named “Robin Seggelmann” is responsible. This is his git-commit introducing the bug.

But who is he working for?

T-Systems International GmbH
Fasanenweg 5
70771 Leinfelden-Echterdingen
DE

(Via fefe)

Just as an explanation: German “Telekom” and their subsidiaries “T-Systems”, “T-Online”, “T-Mobile”, “T-Mobile USA” and many others are a former German state authority. Before being partly privatized (the German state today holds 31.9% of Telekom shares), they were a state company.

heartbleed.com
IMPORTANT! The Heartbleed Bug and why your private information might be compromised

ATTN: Anyone who uses anything online with a password (which means: you, because you are on Tumblr reading this). On Monday, it was discovered that SSL, one of the most commonly used forms of security encryption online, had a major vulnerability that may allow blackhat hackers to steal your password (read: SM, credit card, banking) information.

This was a relatively easy patch so you don’t have to worry about it going forward, but consider changing your passwords this weekend in case any of that information was compromised! Pass it on!

➺ ***IMPORTANT: Passwords & the Heartbleed Bug***

Hi, gang! So you’ve probably noticed the banners on your dashboard advising you to change your password, as well as some emails the Tumblr staff has sent out in the past week. This is because of something called the Heartbleed Bug that’s recently come to light.

What is “Heartbleed”?

In short, the encryption of a lot of websites that we all use on a daily basis has had a major flaw existing in it for about the past two years. This flaw left your personal information such as your password, or even your bank account and credit cards, vulnerable.

For a better explanation than I can give, check out this video by Mashable.

So what can I do about it?

Unfortunately for the moment, not a whole lot. For affected sites that have been patched, the best thing you can do is change your password as soon as possible. This includes Tumblr!

Since the bug’s existence was discovered, a patch has been made to secure affected websites. It’s not yet clear how many sites have been affected, and of those sites which have had private data compromised, but people who are a lot smarter than I are working hard to fix it.

What other sites have been affected?

For a fairly comprehensive list of popular websites that have or haven’t been affected, and which ones you need to change your password for, check out this handy list by Mashable.

The security firm LastPass has also set up a Heartbleed Checker, where you can type in any website’s URL to see if it has been affected.

So remember! Change your passwords and always be sure to use strong passwords with numbers, letters, and symbols, which can’t be guessed easily.

Change Your Passwords ASAP

Some have heard of this, some may have not. But there’s a recent issue that is harming a lot of people right now, and you can be one of them.

The Heartbleed Bug is sharing your username and password to sites like Facebook, Gmail, YouTube, Yahoo, and even Tumblr! And that’s not all of the list of sites that are affected. Even Netflix!

CNET has given a list of other sites you can take a look and see if you are in need of changing your password (scroll to the bottom, and see if actions are necessary for the website).

Please do this - I’ve been exposed with my account before (Yahoo) and it is very frustrating to lose your profile to someone else. It really is.

Let others know about this if you can.