If you have not yet heard about it, take a look at the web to get info on the heartbleed bug. Experts are advising people to change every username and password...but only AFTER the accounts they use have fixed the security on this bug. Just thought you needed to know. I was shocked when I read about it and am still wondering if HP and other sites are safe at the moment.
Yep, just saw it on the news! not sure if its to do with a particular browser or site though?
I just uploaded a hub about it. I hope people will take this seriously because it is serious.
For those new to this thread, please see the update below.
There's an excellent resource on the impact of this bug at http://heartbleed.com/ This one is really bad. But as TimeTraveler points out, it's pointless to update until AFTER the website fixes their vulnerability.
Another good resource, if you're interested in getting some help with password management, is http://lastpass.com The service is free, unless you want to use the mobile app, then it's $12 per year.
JDubya I just found that site and checked all of my main websites...almost ALL of them, including HP, FB, Amazon and a few others are UNSAFE at the moment. I urge everybody to go on to lastpass.com to check each and every site they use because most have NOT updated the fix yet and it is pointless to change your Passwords until they do. HP needs to get busy on this one asap!
List of sites I found on lastpass.com of some of the main sites that currently are unsafe:
Yahoo is now safe as are Brighthouse, Crackle,Pinterest and Redbox.
Try not to use the unsafe sites until the problem is fixed and keep checking because they are fixing rapidly.
I have the Last Pass checker site on my hub with other info. I keep checking on Hubpages and it hasn't been updated all day
I hope they patch it soon. Getting a little worried
I followed up with our engineering team and it looks like Lastpass is basing their assessment solely on the presence of nginx and openssl.
Here is another site that runs a more comprehensive test that actually tries the exploit. Their results confirm HubPages is not affected.
Their FAQ has more information.
I just Googled 'OpenSSL' and read this information about different versions:
OpenSSL 1.0.1 – OpenSSL 1.0.1f
Unless an operating system patch for CVE-2014-0160 has been installed that doesn't change the library version, which is the case for Debian, Red Hat Enterprise Linux (including derivatives such as CentOS, Amazon Linux) or Ubuntu (including derivatives such as Linux Mint).
OpenSSL 1.0.2-beta2 (upcoming)
OpenSSL 1.0.0 (and 1.0.0 branch releases)
OpenSSL 0.9.8 (and 0.9.8 branch releases)
Thanks Matthew Meyer I added it to the other URL's that I'm keeping track with.
THX for the FAQ's,
Use this link to check sites
Matthew Yes, I found this one awhile ago and have been using both sites. There was another tracker site I was using until Chrome showed it as being not safe!
Many sites have complied with the patch (fix) so keep checking to make sure the sites you use most often have been patched. Only then, change your password. Several sites like Pinterest and tumblr are sending automated messages with link to change password. But in order to use the site, that screen redirects you to their log in screen. In the past this used to be a red flag for a scam site. But this is how all the sites (the ones who notify users) are doing it now.
It is similar to when you change your password with Google, you get redirected to sign in screen again. Keep checking the sites on heartbleed.com or others as shown on this forum, on my hub or your favorite trusted site for security checks. There are still quite a few sites who are not in compliance yet with the patch.
Hubpages is clear although Last Pass still is not up to date on Hubpages and several others I checked who are patched. I don't think their site is updated as often as they would like you to believe to keep people in the loop about which sites have been patched.
My bank comes up vulnerable, but when I check on heartbleed.com - it says all clear. So trust the site you have been getting the best results on, then change your password for that site.
I just received an email from Pinterest today (I am a member) that they did not feel safe and felt I should change my password. Which I was going to do anyway.
That's interesting because Pinterest is showing as safe on several of the trackers and also on the new Chrome tracker. Changing your password before they fix the problem is a waste of time because once they fix it, you have to change your password again.
They are safe now because they have patched the problem. Their email was to say you should change your password because they were vulnerable for a period of time before they patched it.
So if I understand your post correctly, I will not have to change it again.
Pinterest has the all clear as of 4/11/2014 mid-day and is emailing all its members in batches with link to change password.
After you change password on that link, you still have to go to log in screen again and use the new password. The change screen is a secure screen that will not allow you to continue to your account on the site without re-logging in.
I received the Pinterst notification after I had already changed my password there!
Basically once a site becomes safe you should change your password.
Yes, but wait for the all clear by checking Last Pass or CNET
In a nutshell, here's what happens when this bug is exploited ... https://xkcd.com/1354/
And I just changed all my passwords about a month ago, after I had a personal issue...here I go again...
by Amanda Littlejohn 4 years ago
Hi, I'm new to Pinterest and just received an email from apparently from them asking me to change my password as there had been some security issue (a virus called Heartbleed).I juts wanted to check if anyone knows if this is legitimate or if it is some kind of phishing scam?Thanks in...
by Adam Finan 6 years ago
Anyone had there e-mail account hacked!?I had my Hotmail account hacked by some wanna be Internet Blogger who emailed all my contacts there links to an affiliate product! Even the editor at Hubpages!!All Hotmail do is say, change your password... Any other ideas??.....
by Rose Gold 7 years ago
Hi this Dorsi I'm posting through my friend Roses account. I tried to sign into my HubPages account this morning and my password, account and picture has been hacked. I can't get in and they have hacked my PayPal account too that is associated with HubPages. Help HubPages!!!
by Kelly Kline Burnett 7 years ago
Yesterday I found my twitter account had postings/tweets that I did not place. I deleted them but am keeping a keen eye on this. What should I do IF this continues?
by santiagomunez 10 years ago
I have doubt on ma wifey that she is talking to someone through her mails i aksed her bt she remained silient n beahved that nthing such had happened before Alcatraz! Niphedorurah i want her email account password please help me how can i get it.
by A.Lawrence 5 years ago
Not sure if this is a technical issue or not.Have always used LastPass to sign in without any problems until 2 days ago, now a captcha prevents this happening, this can be tricky and have to cycle several time to find one easy to read.Even had to sign in with a captcha again to post here, despite...
Copyright © 2018 HubPages Inc. and respective owners. Other product and company names shown may be trademarks of their respective owners. HubPages® is a registered Service Mark of HubPages, Inc. HubPages and Hubbers (authors) may earn revenue on this page based on affiliate relationships and advertisements with partners including Amazon, Google, and others.
|HubPages Device ID||This is used to identify particular browsers or devices when the access the service, and is used for security reasons.|
|Login||This is necessary to sign in to the HubPages Service.|
|HubPages Traffic Pixel||This is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.|
|Remarketing Pixels||We may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.|
|Conversion Tracking Pixels||We may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.|