Heartbleed vulnerability

[FastWoman]

Hi all,

Today I've been checking websites where I have logins for their vulnerability to the heartbleed bug. Most sites have been checking out alright. However, classiczcars.com apparently has this vulnerability. I don't yet know the full implications of this security threat or how the security threat would be corrected, but I thought I should make my fellow Z enthusiasts aware of the problem.

Peace,

Sarah

[Zed Head]

How are you checking? Is there software available that checks, or a web site?

Found some bewares on resetting passwords. Pitfalls everywhere. Here's one.

http://www.tomsguide.com/us/heartbleed-password-phishing-scam,news-18595.html

Edited April 10, 2014 by Zed Head

[Pat Carr]

My sister works for IBM and sent the following about Heartbleed:

1) Before you log on any of your banking accounts, first check the url at this site to see if the site's server has been fixed or is unaffected. - Test your server for Heartbleed (CVE-2014-0160)

I can tell you that yesterday many sites were not fixed and today they are! Otherwise, when you log in, your login information could be compromised. Once this was announced, hackers everywhere were on the prowl. Most of the major sites have been fixed (paypal, amazon, Chase, google, etc)

2) Then change your password on all secure sites, including your email. This "programming error" has been out there for 2 years so even if your site is now safe, there is no way to even know if information was taken in the past.

Best way to have a cryptic pw that you can remember is to come up with a phrase such as ...

I graduated from High School in 79 = IgfHSi79. In the past, I used a word such as baseball = bas3ba11 but there are programs out there to figure words with # substitutions now.

[FastWoman]

I used the "test your server" link that Pat cites above -- a utility written by an Italian programmer. Here's the result for classiczcars.com:

Test your server for Heartbleed (CVE-2014-0160)