
Heartbleed: HubPages not affected, but check your other accounts!

  1. TIMETRAVELER2, posted 3 years ago

    If you have not yet heard about it, take a look at the web to get info on the Heartbleed bug. Experts are advising people to change every username and password...but only AFTER the accounts they use have fixed the security on this bug. Just thought you needed to know. I was shocked when I read about it and am still wondering if HP and other sites are safe at the moment.

    1. Nell Rose, posted 3 years ago

      Yep, just saw it on the news! Not sure if it's to do with a particular browser or site though?

      1. TIMETRAVELER2, posted 3 years ago

        Nell Rose:  This involves many, many sites.  Read the info below to check the ones you use.  HP, by the way, is NOT safe right now.

    2. RachaelOhalloran, posted 3 years ago

      I just uploaded a hub about it. I hope people will take this seriously because it is serious.

      1. TIMETRAVELER2, posted 3 years ago

        Rachael: You beat me to it!

    3. Matthew Meyer, posted 3 years ago

      For those new to this thread, please see the update below.
      http://hubpages.com/forum/post/2572438

  2. JDubya, posted 3 years ago

    There's an excellent resource on the impact of this bug at http://heartbleed.com/. This one is really bad. But as TimeTraveler points out, it's pointless to update until AFTER the website fixes their vulnerability.

  3. JDubya, posted 3 years ago

    Another good resource, if you're interested in getting some help with password management, is http://lastpass.com. The service is free, unless you want to use the mobile app, then it's $12 per year.

    1. TIMETRAVELER2, posted 3 years ago

      JDubya: I just found that site and checked all of my main websites...almost ALL of them, including HP, FB, Amazon and a few others are UNSAFE at the moment. I urge everybody to go on to lastpass.com to check each and every site they use because most have NOT updated the fix yet and it is pointless to change your passwords until they do. HP needs to get busy on this one asap!

      1. TIMETRAVELER2, posted 3 years ago

        List of sites I found on lastpass.com of some of the main sites that currently are unsafe:

        HP
        Bubblews
        Paypal
        Ebay
        Discover
        USPS
        Overstock.com
        Priceline.com
        Staples
        Stumbleupon
        VerizonWireless
        Walgreens
        Walmart
        Facebook
        Craigslist
        Google
        Amazon

        Yahoo is now safe, as are Brighthouse, Crackle, Pinterest and Redbox.

        Try not to use the unsafe sites until the problem is fixed and keep checking because they are fixing rapidly.

        1. RachaelOhalloran, posted 3 years ago

          http://s1.hubimg.com/u/8878828_f248.jpg

          I have the LastPass checker site on my hub with other info. I keep checking on HubPages and it hasn't been updated all day :(
          I hope they patch it soon. Getting a little worried.

          https://lastpass.com/heartbleed/?h=hubpages.com

          1. Matthew Meyer, posted 3 years ago

            I followed up with our engineering team and it looks like LastPass is basing their assessment solely on the presence of nginx and openssl.

            Here is another site that runs a more comprehensive test that actually tries the exploit.  Their results confirm HubPages is not affected.
            http://filippo.io/Heartbleed/#hubpages.com

            http://s1.hubimg.com/u/8878990_f248.jpg

            Their FAQ has more information.
            http://filippo.io/Heartbleed/faq.html

            1. The Examiner-1, posted 3 years ago

              I just Googled 'OpenSSL' and read this information about different versions:

              Affected
              OpenSSL 1.0.2-beta
              OpenSSL 1.0.1 – OpenSSL 1.0.1f
              Unless an operating system patch for CVE-2014-0160 has been installed that doesn't change the library version, which is the case for Debian, Red Hat Enterprise Linux (including derivatives such as CentOS, Amazon Linux) or Ubuntu (including derivatives such as Linux Mint).

              Unaffected
              OpenSSL 1.0.2-beta2 (upcoming)
              OpenSSL 1.0.1g
              OpenSSL 1.0.0 (and 1.0.0 branch releases)
              OpenSSL 0.9.8 (and 0.9.8 branch releases)
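
The version list quoted above, together with the earlier point that a check based only on the presence of nginx and OpenSSL can mislabel a site, as an added example that is not part of any post in this thread. The names `classify` and `distro_build` are hypothetical and the sample banners are constructed; a distribution build that reports a listed version comes back "inconclusive", because the CVE-2014-0160 patch can be backported without changing the version string.

```python
import re

# Matches "OpenSSL 1.0.1e ..." and banner forms such as "OpenSSL/1.0.1e".
_VERSION = re.compile(
    r"OpenSSL[\s/]+(\d+)\.(\d+)\.(\d+)([a-z]?)(?:-(beta\d*))?", re.IGNORECASE)

def classify(banner, distro_build=False):
    """Classify a version string against the list quoted in the thread.

    distro_build is an assumption supplied by the caller: True when the
    library comes from a distribution package (Debian, RHEL, Ubuntu, ...),
    where the fix may be installed without a version change.
    """
    m = _VERSION.search(banner)
    if not m:
        return "unknown"          # no OpenSSL version visible at all
    branch = tuple(int(g) for g in m.group(1, 2, 3))
    letter = m.group(4).lower()
    beta = (m.group(5) or "").lower()
    if branch == (1, 0, 1):
        if beta:
            return "unknown"      # 1.0.1 betas are not in the quoted list
        in_range = letter <= "f"  # 1.0.1 through 1.0.1f; 1.0.1g is fixed
    elif branch == (1, 0, 2):
        in_range = beta in ("beta", "beta1")  # beta2 and later are fixed
    elif branch in ((1, 0, 0), (0, 9, 8)):
        in_range = False          # listed as unaffected branches
    else:
        return "unknown"          # branch not covered by the quoted list
    if not in_range:
        return "unaffected"
    # A listed version on a distro build proves nothing either way.
    return "inconclusive" if distro_build else "affected"

# Constructed sample inputs: (version string, is it a distro package?)
SAMPLES = [
    ("OpenSSL 1.0.1e 11 Feb 2013", False),
    ("OpenSSL 1.0.1e-fips 11 Feb 2013", True),
    ("OpenSSL 1.0.1g 7 Apr 2014", False),
    ("Server: nginx/1.4.6", False),
]

def survey(samples=SAMPLES):
    """Return {banner: verdict} for a list of (banner, distro_build) pairs."""
    return {banner: classify(banner, distro) for banner, distro in samples}

if __name__ == "__main__":
    for banner, verdict in survey().items():
        print(f"{verdict:13} {banner}")
```
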

            2. RachaelOhalloran, posted 3 years ago

              Thanks Matthew Meyer :) I added it to the other URLs that I'm keeping track with.

              THX for the FAQs,

              Use this link to check sites
              http://filippo.io/Heartbleed/

            3. TIMETRAVELER2, posted 3 years ago

              Matthew: Yes, I found this one a while ago and have been using both sites. There was another tracker site I was using until Chrome showed it as being not safe!

          2. RachaelOhalloran, posted 3 years ago

            Many sites have complied with the patch (fix) so keep checking to make sure the sites you use most often have been patched. Only then, change your password. Several sites like Pinterest and tumblr are sending automated messages with a link to change password. But in order to use the site, that screen redirects you to their login screen. In the past this used to be a red flag for a scam site. But this is how all the sites (the ones who notify users) are doing it now.

            It is similar to when you change your password with Google, you get redirected to the sign-in screen again. Keep checking the sites on heartbleed.com or others as shown on this forum, on my hub or your favorite trusted site for security checks. There are still quite a few sites who are not in compliance yet with the patch.

            HubPages is clear, although LastPass still is not up to date on HubPages and several others I checked who are patched. I don't think their site is updated as often as they would like you to believe to keep people in the loop about which sites have been patched.

            My bank comes up vulnerable, but when I check on heartbleed.com - it says all clear.  So trust the site you have been getting the best results on, then change your password for that site.

        2. The Examiner-1, posted 3 years ago

          TIMETRAVELER2
          I just received an email from Pinterest today (I am a member) that they did not feel safe and felt I should change my password. Which I was going to do anyway.

          1. TIMETRAVELER2, posted 3 years ago

            That's interesting because Pinterest is showing as safe on several of the trackers and also on the new Chrome tracker.  Changing your password before they fix the problem is a waste of time because once they fix it, you have to change your password again.

            1. psycheskinner, posted 3 years ago

              They are safe now because they have patched the problem.  Their email was to say you should change your password because they were vulnerable for a period of time before they patched it.

              1. The Examiner-1, posted 3 years ago

                So if I understand your post correctly, I will not have to change it again.

                1. psycheskinner, posted 3 years ago

                  So long as you changed it after the fix was made, you are good.

                  1. The Examiner-1, posted 3 years ago

                    As I said a few back, I changed it after I received the email from them.

            2. RachaelOhalloran, posted 3 years ago

              Pinterest has the all clear as of 4/11/2014 mid-day and is emailing all its members in batches with a link to change password.

              After you change password on that link, you still have to go to log in screen again and use the new password.  The change screen is a secure screen that will not allow you to continue to your account on the site without re-logging in.

          2. TIMETRAVELER2, posted 3 years ago

            I received the Pinterest notification after I had already changed my password there!

  4. psycheskinner, posted 3 years ago

    Basically once a site becomes safe you should change your password.

    1. RachaelOhalloran, posted 3 years ago

      Yes, but wait for the all clear by checking LastPass or CNET.

      1. TIMETRAVELER2, posted 3 years ago

        If you use Chrome they just added an extension that, if installed, will automatically display if you are on a site that is not safe. It is not displaying on Pinterest, HubPages, FB or some of the others I mentioned earlier.

  5. JDubya, posted 3 years ago

    In a nutshell, here's what happens when this bug is exploited ... https://xkcd.com/1354/

  6. Anna Marie Bowman, posted 3 years ago

    And I just changed all my passwords about a month ago, after I had a personal issue...here I go again...
