software isn't safe

[Claude]

Been waiting some 12 hours before posting this just to see if it turns up in other news services, it has now in Europe, so here goes:

A civilisation built upon software isn't safe

Bit of a worry, me thinks !

[Rudi]

That threat has always been around...but what can we ordinary folk do but be vigilant and careful with our credit cards and passwords. It's up to the banks to ensure their own security is in place...I cannot control that! If someone would rather be completely paranoid, take your salary/pension and put it under your mattress, (me thinks), but even THAT has risks.

[StuartR]

The really scary thing about the Heartbleed bug is that patching the SSL software onlty prevents future breaches. Any site running OpenSSL could have already been breached, and that includes getting copies of their security certificates - which could be used for scams in the future. Really they should all revoke their certificates and buy new ones, and they should also change every password - but most are just installing the patch.

[ChrisGreaves]

Bit of a worry, me thinks !

Only if you are due for a tax refund:
Canada Revenue Agency shuts down online services over ‘Heartbleed’ security bug

[StuartR]

I have now changed by Google password, because they have already updated their security certificate.

I will be updating all my other online passwords as I see that the sites have new certificates.

I recommend everyone else does the same

[HansV]

I also turned on two-step authentication for my Google and Microsoft accounts. When I log into the account, I have to enter a verification code sent to my mobile phone.

[StuartR]

I am reluctant to do that.

A few months ago my brother had a break-in - they stole his PC and his mobile phone and he was locked out of his accounts until he could get a replacement SIM and phone.

Today I went round to my Dad's house and left my phone at home by accident, I logged in to his PC to check my gmail.

Both of these scenarios are problems with 2 factor authentication.

[PaulB]

I have now changed by Google password, because they have already updated their security certificate.

I will be updating all my other online passwords as I see that the sites have new certificates.

I recommend everyone else does the same

Good advice, but how can I tell if a site has new security certificates?

[Claude]

You can check if a secure web site has a problem via this Heartbleed test site

[PaulB]

Thanks, Claude. Good find. It gave me reassurances about some sites, but others, not so much. I think I've worked out how to check site security certificates in Firefox. I find it funny that while Google issues its own certs, it has not updated its Gmail site certificate. The issue date is March 12.

[StuartR]

There is a very useful page for checking the status of some major web sites at http://mashable.com/2014/04/09/heartble ... -affected/

[BobH]

Could someone who knows about Heartbleed please tell me what this means?

I went to the Heartbleed Test Site and entered the url and got this screen; but I don't know what it means.

heartbleed..jpg

[HansV]

It's probably just a slight discrepancy in the way the certificate has been assigned, not a security problem. If you ticjk the check box "Advanced", the rest turns out to be OK.

(Your dachshund looks different today! )

[BobH]

. . .
(Your dachshund looks different today! )

That was an accidental selfie taken last weekend while I was trying to make a video with my iPhone. I thought it might scare away all malware.

[Rudi]

The accidental selfie turned out quite well