The Heartbleed Bug

whitestar_999

Super Moderator
Staff member
Indian netbanking with OTP enabled is the safest option. In fact, all those net banking fraud cases in the papers depend on 2 things: OTP not selected, or OTP selected but with a duplicate SIM after blocking the original SIM by filing a false lost/stolen report & the consumer not paying attention to the fact that his mobile is showing a no-service message for hours.
 

amjath

Human Spambot
there is much more :(

pretty sure NSA is also using this exploit

The Heartbleed Hit List: The Passwords You Need to Change Right Now

No No wait
Don't change your password. It's strange advice to hear when the so-called Heartbleed bug is leaving databases all over the web open and exposed, but it's applicable. Yes, security has been compromised for many of your favorite websites and services (including Google, Flickr and Steam, at least initially) but protecting yourself isn't quite as easy as changing your password. Unlike past exploits, Heartbleed isn't a database leak or a list of plaintext logins; it's a flaw in one of the web's most prevalent security protocols -- and until it's fixed, updating your login information won't do a darn thing to protect you. What, then, can you do to protect yourself? Wait, watch and verify.

How to avoid heartburn, er, Heartbleed
 

sahil1033

In the zone
Last year I thought something from Amazon UK using my Credit card. My Credit card has password authentication for transaction. But to my surprise transaction is passed without asking password. So it's still vulnerable
Are you sure you thought? :rofl: *bought :lol:
 

zapout

Ideas are Bulletproof
why it's called heartbleed-

The bug affects how OpenSSL, the most widely used cryptographic library for Apache and nginx Web servers, handles a service of Transport Layer Security called Heartbeat—an extension added to TLS in 2012.

Heartbeat allows a connected Web client or application to send messages to keep a connection active during a transfer of data. When a Heartbeat message is received, the server usually simply echoes back what it got to the sender. However, starting with the initial implementation of Heartbeat in OpenSSL 1.01 (and in all subsequent releases up to OpenSSL 1.01f, including the OpenSSL 1.0.2 beta) the extension could be fooled into sending back the contents of its memory buffer by sending a request that advertised itself as 64 kilobytes long but in fact had no content—resulting in “Heartbleed”.


Source
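
The length check described in the post above, as an added example that is not part of the original post and is not OpenSSL's code. The function names, the constructed `memory` buffer and the scaled-down sizes (a 32-byte claim against 3 real payload bytes) are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST 1
#define HB_PADDING 16 /* RFC 6520: a heartbeat message carries >= 16 padding bytes */

/* Constructed stand-in for server memory: a 6-byte record (type, 2-byte
 * claimed payload length = 32, real payload "hat") followed by unrelated
 * bytes that happen to sit after it in the same buffer. */
static const uint8_t memory[64] =
    "\x01\x00\x20" "hat" "SECRET-KEY-MATERIAL-NEXT-TO-RECORD";
static const size_t record_len = 6; /* bytes actually received */

/* Behaviour the post describes: the claimed length is trusted.
 * Returns the number of bytes echoed into out. */
size_t hb_echo_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    (void)rec_len;                        /* never consulted: the defect */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    memcpy(out, rec + 3, claimed);        /* copies past the real payload */
    return claimed;
}

/* Hardened: drop the message unless type + length field + claimed payload
 * + padding all fit inside the record that was actually received. */
size_t hb_echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    if (rec_len < 1 + 2 + HB_PADDING) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (rec[0] != HB_REQUEST) return 0;
    if (1 + 2 + claimed + HB_PADDING > rec_len) return 0;
    memcpy(out, rec + 3, claimed);
    return claimed;
}

int main(void) {
    uint8_t out[64] = {0};
    size_t n = hb_echo_unchecked(memory, record_len, out);
    printf("unchecked echoed %zu bytes: %.*s\n", n, (int)n, (const char *)out);
    printf("checked echoed %zu bytes\n", hb_echo_checked(memory, record_len, out));
    return 0;
}
```

The unchecked version echoes the neighbouring bytes along with the payload; the checked version discards the same record and returns nothing.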
 

Flash

Lost in speed
Remedy: use lastpass..
The LastPass Blog: LastPass and the Heartbleed Bug

- - - Updated - - -

Also check in your favorite in here for the vulnerability:

*lastpass.com/heartbleed/
 

tkin

Back to school!!
This bug is turning into a nightmare, a lot of the projects handled by our company use OpenSSL, guess they are all screwed, got some frantic mails from Corporate division, they are asking to shut down all OpenSSL based projects so they can send teams to patch it :twisted:
 

anirbandd

Conversation Architect
This bug is turning into a nightmare, a lot of the projects handled by our company use OpenSSL, guess they are all screwed, got some frantic mails from Corporate division, they are asking to shut down all OpenSSL based projects so they can send teams to patch it :twisted:

Great news.

:D
 

anirbandd

Conversation Architect
Remedy: use lastpass..
The LastPass Blog: LastPass and the Heartbleed Bug

- - - Updated - - -

Also check in your favorite in here for the vulnerability:

*lastpass.com/heartbleed/

NO.

If you USE the passwords on vulnerable sites, it's still liable to be stolen.
 

snap

Lurker
NSA Said to Exploit Heartbleed Bug for Intelligence for Years - Bloomberg

- - - Updated - - -

*www.cloudflarechallenge.com/heartbleed

*www.theverge.com/us-world/2014/4/1...-heartbleed-to-retrieve-private-security-keys
 

anirbandd

Conversation Architect
Does anyone know if Citibank and SBI Online are affected or not??

Didn't find any info on the net. :(
 