AbsolutePunk.net
   Username
Password
 
Share
11:18 AM on 04/10/14 
#1
Online
User Info.
Jason Tate
Jason Tate's Avatar
Portland, OR
Male - 31 Years Old
Staff Member
Not really a virus ... it's an OpenSSL bug.
06:43 PM on 04/10/14 
#2
Online
User Info.
Jason Tate
Jason Tate's Avatar
Portland, OR
Male - 31 Years Old
Staff Member
I'm trying to think of a way to tell my relatives to change all of their passwords that will both make them do so, and won't make them think I'm insane. Cause this is some DEFCON 5 level shit that I spent the past two days dealing with at work.
http://mashable.com/2014/04/09/heart...ites-affected/
07:03 PM on 04/10/14 
#3
Online
User Info.
Jason Tate
Jason Tate's Avatar
Portland, OR
Male - 31 Years Old
Staff Member
Facebook, Github, AWS, Twitter, Google, TurboTax, Dropbox, Minecraft, and Soundcloud. Damn I have a lot of new passwords to come up with, as well as more that shared a password in common with one of those services. Fucking hell this is a nightmare.
Yeah. Figured that's a good one to send to relatives so they "get it."
12:26 PM on 04/12/14 
#4
Online
User Info.
Jason Tate
Jason Tate's Avatar
Portland, OR
Male - 31 Years Old
Staff Member


http://xkcd.com/1354/

A (good) explanation of how it works.
12:26 PM on 04/12/14 
#5
Online
User Info.
Jason Tate
Jason Tate's Avatar
Portland, OR
Male - 31 Years Old
Staff Member
01:51 PM on 04/12/14 
#6
Online
User Info.
Jason Tate
Jason Tate's Avatar
Portland, OR
Male - 31 Years Old
Staff Member
I'm doing some research on Heartbleed now. I know very little about technology, but this 1password app I've been hearing about doesn't sound too great. If someone hacks that, like the Heartbleed hacked all those sites, then they'd get all my passwords at once.

I must be missing something here.
If someone can hack 1Password's AES-256 cryptography -- we have a much, MUCH, larger problem. Having unique, long, strong, passwords for each login (where the point of attack will usually happen) is much more secure.

There's a big difference between what Heartbleed is (an OpenSSL bug) and a coordinated "hack."
04:42 PM on 04/12/14 
#7
Online
User Info.
Jason Tate
Jason Tate's Avatar
Portland, OR
Male - 31 Years Old
Staff Member
More reading:

Test the strength of your password: http://rumkin.com/tools/password/passchk.php

And a primer on good passwords.

09:14 PM on 04/12/14 
#8
Online
User Info.
Jason Tate
Jason Tate's Avatar
Portland, OR
Male - 31 Years Old
Staff Member
most banks seem to be safe and gmail seems ok as well. I think it'll be ok.

the cause of the "bug" is hilarious though...not so much a bug as it is just bad code.
Google was affected.
09:15 PM on 04/12/14 
#9
Online
User Info.
Jason Tate
Jason Tate's Avatar
Portland, OR
Male - 31 Years Old
Staff Member
Just picked up 1Password. Even if I'm not overly concerned about Heartbleed because I have very little damage that can be done to me, I figure the $9 now is worth it for when I actually have important things to guard.
Great call IMO. Good security practices and good backup are two things I think are worth starting early.
11:47 PM on 04/12/14 
Online
User Info.
Jason Tate
Jason Tate's Avatar
Portland, OR
Male - 31 Years Old
Staff Member
Ugh. So much bad advice.
09:48 AM on 04/13/14 
Online
User Info.
Jason Tate
Jason Tate's Avatar
Portland, OR
Male - 31 Years Old
Staff Member
interesting, I know of no one to have had issues with their google accounts and I can't find legitimate reports of it anywhere. Also Neel Mehta of google security was the guy who discovered it and went public with it, I'd think google knew about the bug well before then and had the necessary patches in place prior to day0.

my yahoo account, on the other hand, absolutely needs a new password.
The link on the first page has Google in the "yes" column -- I would absolutely change your Google passwords.

From Google: " We’ve assessed this vulnerability and applied patches to key Google services such as Search, Gmail, YouTube, Wallet, Play, Apps, App Engine, AdWords, DoubleClick, Maps, Maps Engine and Earth."

Knowing about it before doesn't mean much - if data was scraped earlier and the private keys found, you could retroactively get passwords.

Also, the entire Codenomicon firm deserves credit as well.
10:28 PM on 04/13/14 
Online
User Info.
Jason Tate
Jason Tate's Avatar
Portland, OR
Male - 31 Years Old
Staff Member
Yap
08:51 PM on 04/14/14 
Online
User Info.
Jason Tate
Jason Tate's Avatar
Portland, OR
Male - 31 Years Old
Staff Member
http://arstechnica.com/security/2014/04/vicious-heartbleed-bug-bites-millions-of-android-phones-other-devices/

Just FYI for Android users.



NEWS, MUSIC & MORE
Search News
Release Dates
Exclusives
Best New Music
Articles
CONNECT
Submit News
Forums
Contests
Mobile Version
AP.net Logos
HIDDEN TREASURES
AbsolutePunk Podcast
Free Music
Sports Forum
Technology Forum
Recommendations
INFORMATION
Advertising
Contact Us
Copyright Policy
Terms of Service
Privacy Policy
FOLLOW
Twitter | Facebook | RSS
PropertyOfZack
PunkNews.org
UnderTheGun
Chorus.fm