• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Rob Spoor
  • Tim Cooke
  • Junilu Lacar
Sheriffs:
  • Henry Wong
  • Liutauras Vilda
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Tim Holloway
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Mikalai Zaikin
  • Piet Souris

have you changed your password yet?

 
author & internet detective
Posts: 40747
827
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
A nice list of websites affected by the Heartbleed security issue.
 
author
Posts: 9031
21
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I DO NOT claim to know what the best course of action is for an individual. I did read something about how it might be best to not change your passwords until the site in question has declared a fix. It had something to do with recently changed passwords being more likely to be found in recent caches?

Again, not sure, does anyone know more?
 
Ranch Hand
Posts: 338
7
Tomcat Server Ubuntu Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Using the list that Jeanne posted is the best answer I've seen so far. It seems safe to change passwords on the sites that have applied the patches. Hopefully the list will continue to be updated.

The Heartbleed checkers are vague on sites that don't use OpenSSL at all or sites that are blocking the vulnerability test because they are being bombarded.

Here is one checker
http://filippo.io/Heartbleed/#fatcow.com

This question was also raised here:
https://coderanch.com/t/631935/Security/Heartbleed-Bug-vulnerability-popular-OpenSSL

Jeanne was javaranch.com / coderanch.com using the vulnerable OpenSSL and is it patched ?
 
Java Cowboy
Posts: 16084
88
Android Scala IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I've changed the passwords for the accounts I use most. Don't know if it was really necessary or not, but it's a good idea anyway to change your passwords every now and then.
 
Jeanne Boyarsky
author & internet detective
Posts: 40747
827
Eclipse IDE VI Editor Java
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Bert Bates wrote:I DO NOT claim to know what the best course of action is for an individual. I did read something about how it might be best to not change your passwords until the site in question has declared a fix. It had something to do with recently changed passwords being more likely to be found in recent caches?

Again, not sure, does anyone know more?


I don't know about the cache, but I'm waiting until they announce a fix. If for no other reason that I'll just have to change it again once they do announce a fix. Given they are still vulnerable and all.

The Ranch has now changed all of it's own gmail passwords. I've changed my personal ones for a number of sites. (hoping I don't forget all my passwords now.) Luckily, I use two factor authentication for gmail so was never exposed there.

I also took this opportunity to set up two factor for github. For reference, here are the sites with two factor enabled.
 
reply
    Bookmark Topic Watch Topic
  • New Topic