No surprise about CR4 not being secure. There really is no need for tight security here. Whenever one logs into a "secure" website to enter a credit card number, to remotely control a machine, retrieve e-mail or anything deemed needing more than casual security, this is when a lock appears in a web browser indicating that SSL encryption is being applied. This ubiquitous system is what has been compromised. The weak link is not on people's (users') computers. The weak link is in the cloud or merchant's providers.
My advice for everyone is to NOT or at the very least limit your access to any secure website until at least this weekend. Give the providers time to patch this hole. I plan on no sooner than this Monday systematically signing onto every merchant and secure site I frequent and every one that my browser history tells me I securely signed into and change my password. In a month or two I plan on repeating this process. This is the only thing we as users can do at this time.
I applaud and encourage any administrator of an SSL site to contact all users once they patch their hole.
__________________
"Don't disturb my circles." translation of Archimedes last words
Heartbleed only hit the news here yesterday, but when I checked it up it seems to have been well known for a while.
Look on the positive side - if any of us make any posts we later regret, we can just explain to admin that we were hacked. Banks have been interestingly quiet on their individual vulnerability.
I've not yet read any of the links others have given, but I think there may be some media hysterics going on. If anyone is compromised, then it's probably happened quite some time back. Rushing to change passwords may be the worst thing to do.
Changing passwords frequently is well established and publicized advice, but I wonder how many of us do so? Anybody working in larger organizations will, if they are well run, get routine demands that they change their access codes. Nope, I don't do so, but that is perhaps an entirely separate discussion.
Just my tuppence, but when the alarm sounds it's worth spending some time deciding which (if any) direction to run.
__________________
For sale - Signature space. Apply on self addressed postcard..
What amazes me is that all these sites that claim to be secure are full of it.
They lie to get your money, then wait weeks (or longer) to admit that your "secure" information was stolen and probably sold by now.
That's why I so hate "the cloud".
CryptoLocker hijacked my PC at work and encrypted 100's of files. Then they wanted $3000.00 USD for the key to unlock them. Lesson learned, my antivirus was not running in the background at the time. My fault.
Well, thanks to a $50.00 USD external hard drive that was backing my stuff up, I have been able to retrieve 99% of my important (to me) files, after the malware was wiped out.
The beauty is that much of the stuff they encrypted should have been deleted anyway, so I'll never have to worry about retrieving that two year old memo I wrote and sent.
I completely agree about the absurdity of "the cloud". The only scenario of "the cloud" that makes any type of sense to me is the traveling salesman/executive/specialist that stumbles upon a situation that requires some document that they did not bring with them. This should be an infrequent circumstance instead of SOP. As anyone who casually studies cryptography will tell you, frequent encrypted traffic compromises the encryption technique.
__________________
"Don't disturb my circles." translation of Archimedes last words
"Bows and flows of angel hair and ice cream castles in the air
And feather canyons everywhere, I've looked at clouds that way
But now they only block the sun they rain and snow on everyone
So many things I would have done, but clouds got in my way"
JUDY COLLINS
"Both Sides Now"
(Clannad & Paul Young)
Cloud storage is just, "Bows and flows of angel hair and ice cream castles in the air".
Oh, I do remember that song, maybe too well. Those were the days my friend! And I agree with you and Red Fred about the cloud. Every time I've been around them, they always rained on my parade! Who was it that said, "If you don't want it to be public, then don't put it on the net". That's why I will not use the Cloud, but even then, you're still not secure. I won't even swipe my card at the gas pump because of skimming, I go in and pay at the counter, pain in the butt at the time, but ..... much cheaper in the long run.
Now, if only the Western States could have some real actual rain clouds pass over us, I won't bitch!!
Thanks again Lynn
__________________
Confucius once said, "Ability will never catch up with the demand for it".
No, this is not worse. This is an echo. This is another report on the Heartbleed breach. They do a better job in this article of explaining the sequence of steps required of all participants to return to a secure internet. Calm down, you'll frighten the horses.
__________________
"Don't disturb my circles." translation of Archimedes last words
For anyone that wants to understand how the Heartbleed bug works, this XKCD cartoon does the best explanation I've seen so far. The cartoon is slightly cryptic so one might have to mentally think through the scenario a few times to get the concept.
__________________
"Don't disturb my circles." translation of Archimedes last words