Heartbleed Virus.


Evans Electric

Just received a warning from Norton about this, which is very rare as Norton tends to work away in the background and just puts a monthly report up.

They advise changing passwords on sites with a vulnerable version of OpenSSL (I have no idea what that means)

Norton offered a tool to check out websites for this virus, this Forum was OK along with Amazon and eBay.

Thought this would be seen by more here than the Computer Thread.

 
HeartBleed is not a virus, it is a security vulnerability found in the OpenSSL software. The funny thing is, there is this mad rush to change your passwords, etc, yet the vulnerability has been about for a couple of years I believe.

 
My brother who works in computery things sent me this a few days after the news broke,

You may or may not have been paying attention to the "heartbleed" stories in the news in the last couple of days. Here's a quick summary:
• up to 2/3 of all of the world's 'secure' websites may have been set up in a way that exposes random chunks of data that should have been encrypted. The exposed data may contain anything, so most of the time it is useless, but in theory a hacker could repeatedly scrape a server until they find something useful like a password.
• the error was introduced about 2 years ago and was discovered by good-guys in the last few days
• no-one knows if any hackers have ever actually exploited it, as they would leave no trace. The assumption is that it probably has been exploited. Now that it's public, it's definitely being exploited.
• responsible sites are fixing as fast as they can
• if you have used any of the vulnerable sites in the last couple of years, it is possible that a hacker knows your password

What you should do:
For any of the vulnerable sites, wait until they issue a statement that they have fixed the vulnerability then change your password.
• Never use the same password on multiple sites
• Never change your password while logged in to a public wifi

What is affected:
• Facebook - ambiguous - so change your password.
• Yahoo! pretty well anything owned by them - Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr and Tumblr were patched. Change these now. Other Yahoo services wait until Yahoo fixes them
• Dropbox - affected - change your password
• Google - Google is being annoyingly ambiguous - they are saying there's no need to change your Gmail password, but they are also saying they did patch Search, Gmail, YouTube, Wallet, Play, Apps and App Engine. So if you want to be safe, change your password. By all accounts, Android was not affected.
• banks - check their websites - if in doubt, wait a couple of days and change password, keep an eye on your statements.
• Netflix - ambiguous, change your password
• Hotmail - no risk (wow, is that still running?)
• LinkedIn - no risk
• Amazon - no risk unless you own a site
• Paypal - no risk
• eTrade - no risk

 