Heartbleed: HubPages not affected, but check your other accounts!

Jump to Last Post 1-6 of 6 discussions (29 posts)

74
TIMETRAVELER2posted 11 years ago
If you have not yet heard about it, take a look at the web to get info on the heartbleed bug. Experts are advising people to change every username and password...but only AFTER the accounts they use have fixed the security on this bug. Just thought you needed to know. I was shocked when I read about it and am still wondering if HP and other sites are safe at the moment.
report
1. 85
  Nell Roseposted 11 years agoin reply to this
  Yep, just saw it on the news! not sure if its to do with a particular browser or site though?
  report
  74
  TIMETRAVELER2posted 11 years agoin reply to this
  Nell Rose: This involves many, many sites. Read the info below to check the ones you use. HP, by the way, is NOT safe right now.
  report
2. 81
  RachaelOhalloranposted 11 years agoin reply to this
  I just uploaded a hub about it. I hope people will take this seriously because it is serious.
  report
  74
  TIMETRAVELER2posted 11 years agoin reply to this
  Rachael You beat me to it!
  report
3. 72
  Matthew Meyerposted 11 years agoin reply to this
  For those new to this thread, please see the update below.
  http://hubpages.com/forum/post/2572438
  report
82
JDubyaposted 11 years ago
There's an excellent resource on the impact of this bug at http://heartbleed.com/ This one is really bad. But as TimeTraveler points out, it's pointless to update until AFTER the website fixes their vulnerability.
report
82
JDubyaposted 11 years ago
Another good resource, if you're interested in getting some help with password management, is http://lastpass.com The service is free, unless you want to use the mobile app, then it's $12 per year.
report
1. 74
  TIMETRAVELER2posted 11 years agoin reply to this
  JDubya I just found that site and checked all of my main websites...almost ALL of them, including HP, FB, Amazon and a few others are UNSAFE at the moment. I urge everybody to go on to lastpass.com to check each and every site they use because most have NOT updated the fix yet and it is pointless to change your Passwords until they do. HP needs to get busy on this one asap!
  report
  74
  TIMETRAVELER2posted 11 years agoin reply to this
  List of sites I found on lastpass.com of some of the main sites that currently are unsafe:
  
  HP
  Bubblews
  Paypal
  Ebay
  Discover
  USPS
  Overstock.com
  Priceline.com
  Staples
  Stumbleupon
  VerizonWireless
  Walgreens
  Walmart
  Facebook
  Craigslist
  Google
  Amazon
  
  Yahoo is now safe as are Brighthouse, Crackle,Pinterest and Redbox.
  
  Try not to use the unsafe sites until the problem is fixed and keep checking because they are fixing rapidly.
  report
  81
  RachaelOhalloranposted 11 years agoin reply to this
  
  I have the Last Pass checker site on my hub with other info. I keep checking on Hubpages and it hasn't been updated all day
  I hope they patch it soon. Getting a little worried
  
  https://lastpass.com/heartbleed/?h=hubpages.com
  report
  72
  Matthew Meyerposted 11 years agoin reply to this
  I followed up with our engineering team and it looks like Lastpass is basing their assessment solely on the presence of nginx and openssl.
  
  Here is another site that runs a more comprehensive test that actually tries the exploit. Their results confirm HubPages is not affected.
  http://filippo.io/Heartbleed/#hubpages.com
  
  Their FAQ has more information.
  http://filippo.io/Heartbleed/faq.html
  report
  60
  The Examiner-1posted 11 years agoin reply to this
  I just Googled 'OpenSSL' and read this information about different versions:
  
  Affected
  OpenSSL 1.0.2-beta
  OpenSSL 1.0.1 – OpenSSL 1.0.1f
  Unless an operating system patch for CVE-2014-0160 has been installed that doesn't change the library version, which is the case for Debian, Red Hat Enterprise Linux (including derivatives such as CentOS, Amazon Linux) or Ubuntu (including derivatives such as Linux Mint).
  
  Unaffected
  OpenSSL 1.0.2-beta2 (upcoming)
  OpenSSL 1.0.1g
  OpenSSL 1.0.0 (and 1.0.0 branch releases)
  OpenSSL 0.9.8 (and 0.9.8 branch releases)
  report
  81
  RachaelOhalloranposted 11 years agoin reply to this
  Thanks Matthew Meyer I added it to the other URL's that I'm keeping track with.
  
  THX for the FAQ's,
  
  Use this link to check sites
  http://filippo.io/Heartbleed/
  report
  74
  TIMETRAVELER2posted 11 years agoin reply to this
  Matthew Yes, I found this one awhile ago and have been using both sites. There was another tracker site I was using until Chrome showed it as being not safe!
  report
  81
  RachaelOhalloranposted 11 years agoin reply to this
  Many sites have complied with the patch (fix) so keep checking to make sure the sites you use most often have been patched. Only then, change your password. Several sites like Pinterest and tumblr are sending automated messages with link to change password. But in order to use the site, that screen redirects you to their log in screen. In the past this used to be a red flag for a scam site. But this is how all the sites (the ones who notify users) are doing it now.
  
  It is similar to when you change your password with Google, you get redirected to sign in screen again. Keep checking the sites on heartbleed.com or others as shown on this forum, on my hub or your favorite trusted site for security checks. There are still quite a few sites who are not in compliance yet with the patch.
  
  Hubpages is clear although Last Pass still is not up to date on Hubpages and several others I checked who are patched. I don't think their site is updated as often as they would like you to believe to keep people in the loop about which sites have been patched.
  
  My bank comes up vulnerable, but when I check on heartbleed.com - it says all clear. So trust the site you have been getting the best results on, then change your password for that site.
  report
  60
  The Examiner-1posted 11 years agoin reply to this
  TIMETRAVELER2
  I just received an email from Pinterest today (I am a member) that they did not feel safe and felt I should change my password. Which I was going to do anyway.
  report
  74
  TIMETRAVELER2posted 11 years agoin reply to this
  That's interesting because Pinterest is showing as safe on several of the trackers and also on the new Chrome tracker. Changing your password before they fix the problem is a waste of time because once they fix it, you have to change your password again.
  report
  65
  psycheskinnerposted 11 years agoin reply to this
  They are safe now because they have patched the problem. Their email was to say you should change your password because they were vulnerable for a period of time before they patched it.
  report
  60
  The Examiner-1posted 11 years agoin reply to this
  So if I understand your post correctly, I will not have to change it again.
  report
  65
  psycheskinnerposted 11 years agoin reply to this
  So long as you changed it after the fix was made, you are good.
  report
  60
  The Examiner-1posted 11 years agoin reply to this
  As I said a few back, I changed it after I received the email from them.
  report
  81
  RachaelOhalloranposted 11 years agoin reply to this
  Pinterest has the all clear as of 4/11/2014 mid-day and is emailing all its members in batches with link to change password.
  
  After you change password on that link, you still have to go to log in screen again and use the new password. The change screen is a secure screen that will not allow you to continue to your account on the site without re-logging in.
  report
  74
  TIMETRAVELER2posted 11 years agoin reply to this
  I received the Pinterst notification after I had already changed my password there!
  report
65
psycheskinnerposted 11 years ago
Basically once a site becomes safe you should change your password.
report
1. 81
  RachaelOhalloranposted 11 years agoin reply to this
  Yes, but wait for the all clear by checking Last Pass or CNET
  report
  74
  TIMETRAVELER2posted 11 years agoin reply to this
  If you use Chrome they just added an extension that , if installed, will automatically display if you are on a site that is not safe. It is not displaying on Pinterest, Hub Pages, FB or some of the others I mentioned earlier.
  report
82
JDubyaposted 11 years ago
In a nutshell, here's what happens when this bug is exploited ... https://xkcd.com/1354/
report
72
Anna Marie Bowmanposted 11 years ago
And I just changed all my passwords about a month ago, after I had a personal issue...here I go again...
report

Closed to reply

jump to first post

Necessary
HubPages Device ID	This is used to identify particular browsers or devices when the access the service, and is used for security reasons.
Login	This is necessary to sign in to the HubPages Service.
Google Recaptcha	This is used to prevent bots and spam. (Privacy Policy)
Akismet	This is used to detect comment spam. (Privacy Policy)
HubPages Google Analytics	This is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
HubPages Traffic Pixel	This is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
Amazon Web Services	This is a cloud services platform that we used to host our service. (Privacy Policy)
Cloudflare	This is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
Google Hosted Libraries	Javascript software libraries such as jQuery are loaded at endpoints on the googleapis.com or gstatic.com domains, for performance and efficiency reasons. (Privacy Policy)

Features
Google Custom Search	This is feature allows you to search the site. (Privacy Policy)
Google Maps	Some articles have Google Maps embedded in them. (Privacy Policy)
Google Charts	This is used to display charts and graphs on articles and the author center. (Privacy Policy)
Google AdSense Host API	This service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
Google YouTube	Some articles have YouTube videos embedded in them. (Privacy Policy)
Vimeo	Some articles have Vimeo videos embedded in them. (Privacy Policy)
Paypal	This is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
Facebook Login	You can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
Maven	This supports the Maven widget and search functionality. (Privacy Policy)

Marketing
Google AdSense	This is an ad network. (Privacy Policy)
Google DoubleClick	Google provides ad serving technology and runs an ad network. (Privacy Policy)
Index Exchange	This is an ad network. (Privacy Policy)
Sovrn	This is an ad network. (Privacy Policy)
Facebook Ads	This is an ad network. (Privacy Policy)
Amazon Unified Ad Marketplace	This is an ad network. (Privacy Policy)
AppNexus	This is an ad network. (Privacy Policy)
Openx	This is an ad network. (Privacy Policy)
Rubicon Project	This is an ad network. (Privacy Policy)
TripleLift	This is an ad network. (Privacy Policy)
Say Media	We partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
Remarketing Pixels	We may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
Conversion Tracking Pixels	We may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.

Statistics
Author Google Analytics	This is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
Comscore	ComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
Amazon Tracking Pixel	Some articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)
Clicksco	This is a data management platform studying reader behavior (Privacy Policy)

Heartbleed: HubPages not affected, but check your other accounts!

Arts and Design

Autos

Books, Literature, and Writing

Business and Employment

Education and Science

Entertainment and Media

Family and Parenting

Fashion and Beauty

Food and Cooking

Games, Toys, and Hobbies

Gender and Relationships

Health

Holidays and Celebrations

Home and Garden

HubPages Tutorials and Community

Personal Finance

Pets and Animals

Politics and Social Issues

Religion and Philosophy

Sports and Recreation

Technology

Travel and Places

About Us

This website uses cookies

Heartbleed: HubPages not affected, but check your other accounts!

Related Discussions

This website uses cookies