a thoughtful web.
Good ideas and conversation. No ads, no tracking.   Login or Take a Tour!
comment by user-inactivated
user-inactivated  ·  3884 days ago  ·  link  ·    ·  parent  ·  post: What To Do Now That The Heartbleed Bug Exposed The Internet : All Tech Considered : NPR

There isn't much the individual user can do at this point (evidenced by NPR's excellent but irrelevant advice at the end of the article). The servers need to be updated and certificates need to be recreated, which is the responsibilities of the admins at various companies.

I haven't received any e-mails from websites telling me to change my password, which I find absolutely amazing. I don't think the scope of the potential leaks has really been understood by the companies yet. This really highlights that more resources need to be put into critical open source projects. Bugs are very difficult to find though, in any complex software. I'm not really sure how these sorts of things can be 100% prevented in the future. Open source is still the best bet for catching them though. Maybe we need more testing and review teams to comb through the source?





cradle  ·  3882 days ago  ·  link  ·  

I've received about half a dozen emails regarding heartbeat fixes, most from services I've rarely used.

llagerlof  ·  3882 days ago  ·  link  ·  

People should change their passwords of all used sites. 2/3 of all Internet is affected, so do not wait for the warning e-mails from the services you use. They could never arrive. Just go and do it. Remember, focus first on what is most important for you, like bank accounts, e-mails and notebook-sites alike. The chances you, as an individual, being affected is low but why risk?

insomniasexx  ·  3882 days ago  ·  link  ·  

True - also remember that if you used the same password in a few places, you need to change all of them. That means if you used password 123456 on a random forum 4 years ago, and also use 123456 as your password for banking, you're still potentially screwed. I'm waiting a couple more days and redoing them all. I just did this 3 months ago. What a pain in the ass.

Complexity  ·  3881 days ago  ·  link  ·  

I have a metric ArseTon (SI Units) of pass phrases for a bastardardy of sites collected in the last few years. Like kleinbl00 I run my own mailserver alongside Google hosted stuff and at last count I have upwards of 400 separate email addresses for 400 separate sites/services.

This could be a the moment to bite the bullet and move as much as I can over to 2-factor auth, at least for the large entities like Google and anything else which will let me.

kleinbl00  ·  3881 days ago  ·  link  ·  

I'm going over to random hashes. Ugh. Goodbye human-parseable passwords.

kleinbl00  ·  3881 days ago  ·  link  ·  

According to 1Password, I have:

- 281 logins stored

- 206 that are duplicates

- 44 that are weak

- 279 that need to be changed

That "279" and "281" were both "281" yesterday. But after twenty minutes, I had successfully changed three passwords.