The Heartbleed Hit List: The Passwords You Need to Change Right Now

An encryption flaw called the Heartbleed bug is already being dubbed one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years. But it hasn't always been clear which sites have been affected. Some Internet companies that were vulnerable to the bug have already updated their servers with a security patch to fix the issue. Although changing your password regularly is always good practice, if a site or service hasn't yet patched the problem, your information will still be vulnerable. Also, if you reused the same password on multiple sites, and one of those sites was vulnerable, you'll need to change the password everywhere. We'll keep updating the list as new information comes in.

HeartBleed: a good thing OpenSSL is free software! SSL/TLS, the foundation of encrypted communications, which turn out not to be so encrypted after all When you browse the Internet, you sometimes use secure connections without knowing it. These are in fact encrypted connections. This is the case when you log in to your favorite webmail or to your bank's website. The value of such protection is easy to understand. Most secure servers use the protocol known as HTTPS. The specter of the NSA There is one extremely troubling point when this is cross-referenced with the NSA/Prism affair. The role of free software in handling HeartBleed What lessons can be drawn from all this? The 4 freedoms, direct access to a fix Without access to the source code, a person who had noticed abnormal behavior (here, access to a memory region that should in theory be inaccessible) would not have been able to understand the very origin of the problem (here, a missing bounds check on an array). Free software, distributed but organized

Heartbleed Bug Test your server for Heartbleed (CVE-2014-0160) If there are problems, head to the FAQ Results are now cached globally for up to 6 hours. Enter a URL or a hostname to test the server for CVE-2014-0160. All good, seems fixed or unaffected! Uh-oh, something went wrong: Check what it means at the FAQ. Here is some data we pulled from the server memory: (we put YELLOW SUBMARINE there, and it should not have come back) Please take immediate action! You can specify a port like this example.com:4433. 443 by default. Go here for all your Heartbleed information needs.

NSA Said to Exploit Heartbleed Bug for Intelligence for Years The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said. The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts. Heartbleed appears to be one of the biggest glitches in the Internet’s history, a flaw in the basic security of as many as two-thirds of the world’s websites. Its discovery and the creation of a fix by researchers five days ago prompted consumers to change their passwords, the Canadian government to suspend electronic tax filing and computer companies including Cisco Systems Inc. and Juniper Networks Inc. to provide patches for their systems.