Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

Thread: How the Heartbleed bug affects users

  1. #11
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: How the Heartbleed bug affects users

    Passwords aren't stored on the forums anymore and logging in is dealt with via Ubuntu One/Launchpad.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  2. #12
    Join Date
    Jun 2005
    Beans
    Hidden!

    Re: How the Heartbleed bug affects users

    Quote Originally Posted by CharlesA View Post
    Passwords aren't stored on the forums anymore and logging in is dealt with via Ubuntu One/Launchpad.
    Hoped that was the case but wanted to hear it from you!

  3. #13
    Join Date
    Jul 2008
    Location
    Atlanta, GA
    Beans
    770

    Re: How the Heartbleed bug affects users

    Quote Originally Posted by CharlesA View Post
    If they have been patched, change your passwords. I would even go so far as to change passwords for sites that say they are unaffected, just in case.

    There are some resources to help with that including a scanner from LastPass: https://lastpass.com/heartbleed/
    One of the companies affected by the vulnerability was password manager LastPass, but the company upgraded its servers as of 5:47 a.m. PT Tuesday, spokesman Joe Siegrist said. CNET

    If was hacked once how does anyone know it won't be hacked again?
    Last edited by Camilia; April 16th, 2014 at 04:30 PM.

  4. #14
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: How the Heartbleed bug affects users

    Quote Originally Posted by Camilia View Post
    One of the companies affected by the vulnerability was password manager LastPass, but the company upgraded its servers as of 5:47 a.m. PT Tuesday, spokesman Joe Siegrist said. CNET

    If was hacked once how does anyone know it won't be hacked again?
    Considering the password database they use is encrypted and this bug has nothing to do with a system being "hacked" actively - the vulnerability dealt with a bug in OpenSSL that was patched soon after it was made public. They also reissued their SSL certificate on 4/7 after the patch was applied.

    If you don't want to trust them, that is up to you.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  5. #15
    Join Date
    Jul 2008
    Location
    Atlanta, GA
    Beans
    770

    Re: How the Heartbleed bug affects users

    Quote Originally Posted by CharlesA View Post
    Considering the password database they use is encrypted and this bug has nothing to do with a system being "hacked" actively - the vulnerability dealt with a bug in OpenSSL that was patched soon after it was made public. They also reissued their SSL certificate on 4/7 after the patch was applied.
    My point that is that it was targeted by heartbleed for some unknown reason. Why shouldn't the heartbleed item weaken its security again?

  6. #16
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: How the Heartbleed bug affects users

    Quote Originally Posted by Camilia View Post
    My point that is that it was targeted by heartbleed for some unknown reason. Why shouldn't the heartbleed item weaken its security again?
    Because it was a flaw in OpenSSL and wasn't exactly a targeted attack. The flaw has been patched and LastPass reissued their SSL cert in case the private key was compromised.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  7. #17
    Join Date
    Jul 2008
    Location
    Atlanta, GA
    Beans
    770

    Re: How the Heartbleed bug affects users

    Quote Originally Posted by CharlesA View Post
    Because it was a flaw in OpenSSL and wasn't exactly a targeted attack. The flaw has been patched and LastPass reissued their SSL cert in case the private key was compromised.
    Thanks for the info. Since it is described as a bug I was thinking of something like a Trojan virus.

    Info from the Washington post made the problem more clearer. Just don't understand what made the Heartbleed bug develop or why.

Page 2 of 2 FirstFirst 12

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •