Help me understand this whole Heartbleed security bug thing

Discussion in 'Community Discussion' started by GanChan, Apr 8, 2014.

  1. GanChan macrumors 6502a

    Joined:
    Jun 21, 2005
    #1
    According to this article:

    ...I'm advised to wait until all my banking institutions, etc. announce that they have fixed the encryption glitch before I change my passwords, because doing it now on a non-secure site would be mega-dumb. Right?

    Problem is, I'm not seeing anyone making any such announcements that they've done anything to plug the hole yet. So how long can I safely wait to change my passwords?

    Not sure how to handle this.
     
  2. Garsun macrumors regular

    Garsun

    Joined:
    Oct 20, 2009
    #2
    The email server I use "MyKolab" just let me know that thay have been fixed.
    So there's one..... I have not seen anyone else I use announce anything yet:(
     
  3. Nermal, Apr 9, 2014
    Last edited: Apr 9, 2014

    Nermal Moderator

    Nermal

    Staff Member

    Joined:
    Dec 7, 2002
    Location:
    New Zealand
    #3
    You can use this checker to see whether a site is affected. Note that a "pass" does not guarantee that it's safe to reset your password as it's up to the site owner to revoke all existing certificates. If the server has been updated but the "broken" certificates are still out there then there's still a problem.
     
  4. Prof. macrumors 601

    Prof.

    Joined:
    Aug 17, 2007
    Location:
    Chicago
    #4
    So how will we know when it's safe to change all our passwords?:confused:
     
  5. SilentPanda Moderator emeritus

    SilentPanda

    Joined:
    Oct 8, 2002
    Location:
    The Bamboo Forest
    #5
    Google the site name along with heartbleed to see if anybody else has asked and found out, otherwise contact the site directly.
     

Share This Page