• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Paul Clapham
  • Jeanne Boyarsky
  • Knute Snortum
Sheriffs:
  • Liutauras Vilda
  • Tim Cooke
  • Junilu Lacar
Saloon Keepers:
  • Ron McLeod
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Joe Ess
  • salvin francis
  • fred rosenberger

have you changed your password yet?

 
author & internet detective
Posts: 39789
797
Eclipse IDE VI Editor Java
 
author
Posts: 8998
19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I DO NOT claim to know what the best course of action is for an individual. I did read something about how it might be best to not change your passwords until the site in question has declared a fix. It had something to do with recently changed passwords being more likely to be found in recent caches?

Again, not sure, does anyone know more?
 
Ranch Hand
Posts: 335
6
Tomcat Server Ubuntu Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Using the list that Jeanne posted is the best answer I've seen so far. It seems safe to change passwords on the sites that have applied the patches. Hopefully the list will continue to be updated.

The Heartbleed checkers are vague on sites that don't use OpenSSL at all or sites that are blocking the vulnerability test because they are being bombarded.

Here is one checker
http://filippo.io/Heartbleed/#fatcow.com

This question was also raised here:
https://coderanch.com/t/631935/Security/Heartbleed-Bug-vulnerability-popular-OpenSSL

Jeanne was javaranch.com / coderanch.com using the vulnerable OpenSSL and is it patched ?
 
Java Cowboy
Posts: 16084
88
Android Scala IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've changed the passwords for the accounts I use most. Don't know if it was really necessary or not, but it's a good idea anyway to change your passwords every now and then.
 
Jeanne Boyarsky
author & internet detective
Posts: 39789
797
Eclipse IDE VI Editor Java
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Bert Bates wrote:I DO NOT claim to know what the best course of action is for an individual. I did read something about how it might be best to not change your passwords until the site in question has declared a fix. It had something to do with recently changed passwords being more likely to be found in recent caches?

Again, not sure, does anyone know more?


I don't know about the cache, but I'm waiting until they announce a fix. If for no other reason that I'll just have to change it again once they do announce a fix. Given they are still vulnerable and all.

The Ranch has now changed all of it's own gmail passwords. I've changed my personal ones for a number of sites. (hoping I don't forget all my passwords now.) Luckily, I use two factor authentication for gmail so was never exposed there.

I also took this opportunity to set up two factor for github. For reference, here are the sites with two factor enabled.
 
Well THAT's new! Comfort me, reliable tiny ad:
Sauce Labs - World's Largest Continuous Testing Cloud for Websites and Mobile Apps
https://coderanch.com/t/722574/Sauce-Labs-World-Largest-Continuous
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!