ChatterBank6 mins ago
New Passwords?
9 Answers
Is it advisable for us to change our passwords on here due to this "hearbleed" thingy?
Answers
Best Answer
No best answer has yet been selected by netibiza. Once a best answer has been selected, it will be shown here.
For more on marking an answer as the "Best Answer", please visit our FAQ.Depends on your particular OS, as this bug affects the Open Source data encryption libraries built-in to the OS, as noted below....
Some operating system distributions that have shipped with potentially vulnerable OpenSSL version:
•Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
•Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
•CentOS 6.5, OpenSSL 1.0.1e-15
•Fedora 18, OpenSSL 1.0.1e-4
•OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
•FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
•NetBSD 5.0.2 (OpenSSL 1.0.1e)
•OpenSUSE 12.2 (OpenSSL 1.0.1c)
Operating system distribution with versions that are not vulnerable:
•Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
•SUSE Linux Enterprise Server
•FreeBSD 8.4 - OpenSSL 0.9.8y 5 Feb 2013
•FreeBSD 9.2 - OpenSSL 0.9.8y 5 Feb 2013
•FreeBSD Ports - OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)
Based on a web tool from security firm Qualys, other major websites like eBay, Google and Microsoft’Outlook email service are not vulnerable to the Heartbleed attack.
Researchers believe Heartbleed, a nickname given to the OpenSSL flaw, already allowed cyber thieves to grab Yahoo usernames and passwords.
Personally, I'd wait to see if the software vendor for your OS actually advises that an upgrade/downgrade to another version is required, as your password is not the issue here, the issue is how the OS deals with the encryption of your data.
Some operating system distributions that have shipped with potentially vulnerable OpenSSL version:
•Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
•Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
•CentOS 6.5, OpenSSL 1.0.1e-15
•Fedora 18, OpenSSL 1.0.1e-4
•OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
•FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
•NetBSD 5.0.2 (OpenSSL 1.0.1e)
•OpenSUSE 12.2 (OpenSSL 1.0.1c)
Operating system distribution with versions that are not vulnerable:
•Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
•SUSE Linux Enterprise Server
•FreeBSD 8.4 - OpenSSL 0.9.8y 5 Feb 2013
•FreeBSD 9.2 - OpenSSL 0.9.8y 5 Feb 2013
•FreeBSD Ports - OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)
Based on a web tool from security firm Qualys, other major websites like eBay, Google and Microsoft’Outlook email service are not vulnerable to the Heartbleed attack.
Researchers believe Heartbleed, a nickname given to the OpenSSL flaw, already allowed cyber thieves to grab Yahoo usernames and passwords.
Personally, I'd wait to see if the software vendor for your OS actually advises that an upgrade/downgrade to another version is required, as your password is not the issue here, the issue is how the OS deals with the encryption of your data.
Not yet, have a read at at the link.
http:// news.sk y.com/s tory/12 40417/d ont-cha nge-pas swords- over-he artblee d-bug
http://
(and here's the link http:// is.gd/t iWAUc )
-- answer removed --