The Heartbleed Bug
Superayush
Tech lover
When I first read the the title I though it's some serious new threat to human heart...phew...
arijitsinha
﴾͡๏̯͡๏﴿ O'RLY?
Steam have not issued a fix on it yet. So be careful(better refrain from using) while accessing any steam services, like example which requires you to login through openssl.
Complete list of the sites which were tested against this vulnerability:
*github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt
These sites are vulnerable:
Surprised to see following sites still vulnerable!
stackoverflow.com
xda-developers.com
steamcommunity.com
*github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt
These sites are vulnerable:
yahoo.com
imgur.com
stackoverflow.com
kickass.to
flickr.com
redtube.com
sogou.com
adf.ly
outbrain.com
archive.org
addthis.com
stackexchange.com
popads.net
avito.ru
kaskus.co.id
web.de
suning.com
zeobit.com
beeg.com
seznam.cz
okcupid.com
pch.com
xda-developers.com
steamcommunity.com
slate.com
scoop.it
hidemyass.com
123rf.com
m-w.com
dreamstime.com
amung.us
leo.org
eventbrite.com
wetransfer.com
sh.st
entrepreneur.com
zoho.com
yts.re
usmagazine.com
fool.com
digitalpoint.com
picmonkey.com
petflow.com
squidoo.com
avazutracking.net
elegantthemes.com
500px.com
imgur.com
stackoverflow.com
kickass.to
flickr.com
redtube.com
sogou.com
adf.ly
outbrain.com
archive.org
addthis.com
stackexchange.com
popads.net
avito.ru
kaskus.co.id
web.de
suning.com
zeobit.com
beeg.com
seznam.cz
okcupid.com
pch.com
xda-developers.com
steamcommunity.com
slate.com
scoop.it
hidemyass.com
123rf.com
m-w.com
dreamstime.com
amung.us
leo.org
eventbrite.com
wetransfer.com
sh.st
entrepreneur.com
zoho.com
yts.re
usmagazine.com
fool.com
digitalpoint.com
picmonkey.com
petflow.com
squidoo.com
avazutracking.net
elegantthemes.com
500px.com
Surprised to see following sites still vulnerable!
stackoverflow.com
xda-developers.com
steamcommunity.com
amjath
Human Spambot
bssunilreddy
Chosen of the Omnissiah
arijitsinha
﴾͡๏̯͡๏﴿ O'RLY?
Is there any misuse identified. I don't care about the passwords, but what I am really worried is Card details.
anirbandd
Conversation Architect
well, it is, once you think about it..
you see, if a black hat gets your login and transact credentials when you log in to your bank [thankfully there are no bank sites in that list 
], then he can quite easily get all your money.
then when you get sms'es the transactions, you may get a threat to your heart.
], then he can quite easily get all your money.then when you get sms'es the transactions, you may get a threat to your heart.
just jokin!
or am i??
harshilsharma63
DIY FTW!
Why is is called 'heartbleed', though it sounds pretty cool?
Superayush
Tech lover
well, it is, once you think about it..
you see, if a black hat gets your login and transact credentials when you log in to your bank [thankfully there are no bank sites in that list
then when you get sms'es the transactions, you may get a threat to your heart.
just jokin!or am i??
Hey but for online transaction don't u require a unique pin/OTP so hacker actually cannot really misuse ur stored info
a_k_s_h_a_y
Dreaming
leaks out data from the RAM.. the heart of the system ?
harshilsharma63
DIY FTW!
Source?
SaiyanGoku
kamehameha!!
So, should I change my password or not? :/
thankfully, i have not stored my CC/DC details on any of these sites.
thankfully, i have not stored my CC/DC details on any of these sites.
anirbandd
Conversation Architect
not for all banks.
amjath
Human Spambot
Last year I thought something from Amazon UK using my Credit card. My Credit card has password authentication for transaction. But to my surprise transaction is passed without asking password. So its still vunerable
that's because OTP is mandatory only for debit cards in India if selected.credit cards need to work internationally where regulators don't mandate OTP/password not to mention visa/mastercard do not come under RBI's purview unlike indian banks.that is why it is recommended to use virtual CC & not physical CC for online transactions or use a separate physical CC with low limits for international online transactions.frankly speaking people should not use CC physically even within India & use only their debit cards with OTP option selected unless absolutely necessary.most of the CC cloning is done by your local staff at malls/cafes/shops/restaurants etc & requires physical use of CC.within India if CC is used on indian sites like flipkart & something wrong happens(like this bug e.g.) it is much easier to reverse charges compared to stolen CC info from some international site or CC cloning at some foreign location.
