• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Rob Spoor
  • Bear Bibeault
Saloon Keepers:
  • Jesse Silverman
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • Al Hobbs
  • salvin francis

have you changed your password yet?

 
author & internet detective
Posts: 40798
829
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
A nice list of websites affected by the Heartbleed security issue.
 
author
Posts: 9031
21
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I DO NOT claim to know what the best course of action is for an individual. I did read something about how it might be best to not change your passwords until the site in question has declared a fix. It had something to do with recently changed passwords being more likely to be found in recent caches?

Again, not sure, does anyone know more?
 
Ranch Hand
Posts: 338
7
Tomcat Server Ubuntu Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Using the list that Jeanne posted is the best answer I've seen so far. It seems safe to change passwords on the sites that have applied the patches. Hopefully the list will continue to be updated.

The Heartbleed checkers are vague on sites that don't use OpenSSL at all or sites that are blocking the vulnerability test because they are being bombarded.

Here is one checker
http://filippo.io/Heartbleed/#fatcow.com

This question was also raised here:
https://coderanch.com/t/631935/Security/Heartbleed-Bug-vulnerability-popular-OpenSSL

Jeanne was javaranch.com / coderanch.com using the vulnerable OpenSSL and is it patched ?
 
Java Cowboy
Posts: 16084
88
Android Scala IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I've changed the passwords for the accounts I use most. Don't know if it was really necessary or not, but it's a good idea anyway to change your passwords every now and then.
 
Jeanne Boyarsky
author & internet detective
Posts: 40798
829
Eclipse IDE VI Editor Java
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Bert Bates wrote:I DO NOT claim to know what the best course of action is for an individual. I did read something about how it might be best to not change your passwords until the site in question has declared a fix. It had something to do with recently changed passwords being more likely to be found in recent caches?

Again, not sure, does anyone know more?


I don't know about the cache, but I'm waiting until they announce a fix. If for no other reason that I'll just have to change it again once they do announce a fix. Given they are still vulnerable and all.

The Ranch has now changed all of it's own gmail passwords. I've changed my personal ones for a number of sites. (hoping I don't forget all my passwords now.) Luckily, I use two factor authentication for gmail so was never exposed there.

I also took this opportunity to set up two factor for github. For reference, here are the sites with two factor enabled.
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic