Heartbleed: HubPages not affected, but check your other accounts!

Jump to Last Post 1-6 of 6 discussions (29 posts)
  1. TIMETRAVELER2 profile image99
    TIMETRAVELER2posted 4 years ago

    If you have not yet heard about it, take a look at the web to get info on the heartbleed bug.  Experts are advising people to change every username and password...but only AFTER the accounts they use have fixed the security on this bug.  Just thought you needed to know.  I was shocked when I read about it and am still wondering if HP and other sites are safe at the moment.

    1. Nell Rose profile image91
      Nell Roseposted 4 years agoin reply to this

      Yep, just saw it on the news! not sure if its to do with a particular browser or site though?

      1. TIMETRAVELER2 profile image99
        TIMETRAVELER2posted 4 years agoin reply to this

        Nell Rose:  This involves many, many sites.  Read the info below to check the ones you use.  HP, by the way, is NOT safe right now.

    2. RachaelOhalloran profile image85
      RachaelOhalloranposted 4 years agoin reply to this

      I just uploaded a hub about it. I hope people will take this seriously because it is serious.

      1. TIMETRAVELER2 profile image99
        TIMETRAVELER2posted 4 years agoin reply to this

        Rachael  You beat me to it!

    3. Matthew Meyer profile image74
      Matthew Meyerposted 4 years agoin reply to this

      For those new to this thread, please see the update below.
      http://hubpages.com/forum/post/2572438

  2. JDubya profile image81
    JDubyaposted 4 years ago

    There's an excellent resource on the impact of this bug at http://heartbleed.com/  This one is really bad. But as TimeTraveler points out, it's pointless to update until AFTER the website fixes their vulnerability.

  3. JDubya profile image81
    JDubyaposted 4 years ago

    Another good resource, if you're interested in getting some help with password management, is http://lastpass.com  The service is free, unless you want to use the mobile app, then it's $12 per year.

    1. TIMETRAVELER2 profile image99
      TIMETRAVELER2posted 4 years agoin reply to this

      JDubya   I just found that site and checked all of my main websites...almost ALL of them, including HP, FB, Amazon and a few others are UNSAFE at the moment.  I urge everybody to go on to lastpass.com to check each and every site they use because most have NOT updated the fix yet and it is pointless to change your Passwords until they do.  HP needs to get busy on this one asap!

      1. TIMETRAVELER2 profile image99
        TIMETRAVELER2posted 4 years agoin reply to this

        List of sites I found on lastpass.com of some of the main sites that currently are unsafe:

        HP
        Bubblews
        Paypal
        Ebay
        Discover
        USPS
        Overstock.com
        Priceline.com
        Staples
        Stumbleupon
        VerizonWireless
        Walgreens
        Walmart
        Facebook
        Craigslist
        Google
        Amazon

        Yahoo is now safe as are Brighthouse, Crackle,Pinterest and Redbox.

        Try not to use the unsafe sites until the problem is fixed and keep checking because they are fixing rapidly.

        1. RachaelOhalloran profile image85
          RachaelOhalloranposted 4 years agoin reply to this

          http://s1.hubimg.com/u/8878828_f248.jpg

          I have the Last Pass checker  site on my hub with other info.  I keep checking on Hubpages and it hasn't been updated all day  sad
          I hope they patch it soon. Getting a little worried

          https://lastpass.com/heartbleed/?h=hubpages.com

          1. Matthew Meyer profile image74
            Matthew Meyerposted 4 years agoin reply to this

            I followed up with our engineering team and it looks like Lastpass is basing their assessment solely on the presence of nginx and openssl.

            Here is another site that runs a more comprehensive test that actually tries the exploit.  Their results confirm HubPages is not affected.
            http://filippo.io/Heartbleed/#hubpages.com

            http://s1.hubimg.com/u/8878990_f248.jpg

            Their FAQ has more information.
            http://filippo.io/Heartbleed/faq.html

            1. The Examiner-1 profile image72
              The Examiner-1posted 4 years agoin reply to this

              I just Googled 'OpenSSL' and read this information about different versions:

              Affected
              OpenSSL 1.0.2-beta
              OpenSSL 1.0.1 – OpenSSL 1.0.1f
              Unless an operating system patch for CVE-2014-0160 has been installed that doesn't change the library version, which is the case for Debian, Red Hat Enterprise Linux (including derivatives such as CentOS, Amazon Linux) or Ubuntu (including derivatives such as Linux Mint).

              Unaffected
              OpenSSL 1.0.2-beta2 (upcoming)
              OpenSSL 1.0.1g
              OpenSSL 1.0.0 (and 1.0.0 branch releases)
              OpenSSL 0.9.8 (and 0.9.8 branch releases)

            2. RachaelOhalloran profile image85
              RachaelOhalloranposted 4 years agoin reply to this

              Thanks Matthew Meyer smile  I added it to the other URL's that I'm keeping track with.

              THX for the FAQ's,

              Use this link to check sites
              http://filippo.io/Heartbleed/

            3. TIMETRAVELER2 profile image99
              TIMETRAVELER2posted 4 years agoin reply to this

              Matthew   Yes, I found this one awhile ago and have been using both sites. There was another tracker site I was using until Chrome showed it as being not safe!

          2. RachaelOhalloran profile image85
            RachaelOhalloranposted 4 years agoin reply to this

            Many sites have complied with the patch (fix) so keep checking to make sure the sites you  use most often have been patched.  Only then, change your password. Several sites like Pinterest and tumblr are sending automated messages with link to change password.  But in order to use the site, that screen redirects you to their log in screen.  In the past this used to be a red flag for a scam site. But this is how all the sites (the ones who notify users) are doing it now.

            It is similar to when you change your password with Google, you get redirected to sign in screen again.  Keep checking the sites on heartbleed.com or others as shown on this forum, on my hub or your favorite trusted site for security checks.  There are still quite a few sites who are not in compliance yet with the patch.

            Hubpages is clear although Last Pass still is not up to date on Hubpages and several others I checked who are patched.  I don't think their site is updated as often as they would like you to believe to keep people in the loop about which sites have been patched. 

            My bank comes up vulnerable, but when I check on heartbleed.com - it says all clear.  So trust the site you have been getting the best results on, then change your password for that site.

        2. The Examiner-1 profile image72
          The Examiner-1posted 4 years agoin reply to this

          TIMETRAVELER2
          I just received an email from Pinterest today (I am a member) that they did not feel safe and felt I should change my password. Which I was going to do anyway.

          1. TIMETRAVELER2 profile image99
            TIMETRAVELER2posted 4 years agoin reply to this

            That's interesting because Pinterest is showing as safe on several of the trackers and also on the new Chrome tracker.  Changing your password before they fix the problem is a waste of time because once they fix it, you have to change your password again.

            1. psycheskinner profile image81
              psycheskinnerposted 4 years agoin reply to this

              They are safe now because they have patched the problem.  Their email was to say you should change your password because they were vulnerable for a period of time before they patched it.

              1. The Examiner-1 profile image72
                The Examiner-1posted 4 years agoin reply to this

                So if I understand your post correctly, I will not have to change it again.

                1. psycheskinner profile image81
                  psycheskinnerposted 4 years agoin reply to this

                  So long as you changed it after the fix was made, you are good.

                  1. The Examiner-1 profile image72
                    The Examiner-1posted 4 years agoin reply to this

                    As I said a few back, I changed it after I received the email from them.

            2. RachaelOhalloran profile image85
              RachaelOhalloranposted 4 years agoin reply to this

              Pinterest has the all clear as of 4/11/2014 mid-day and is emailing all its members in batches with link to change password.

              After you change password on that link, you still have to go to log in screen again and use the new password.  The change screen is a secure screen that will not allow you to continue to your account on the site without re-logging in.

          2. TIMETRAVELER2 profile image99
            TIMETRAVELER2posted 4 years agoin reply to this

            I received the Pinterst notification after I had already changed my password there!

  4. psycheskinner profile image81
    psycheskinnerposted 4 years ago

    Basically once a site becomes safe you should change your password.

    1. RachaelOhalloran profile image85
      RachaelOhalloranposted 4 years agoin reply to this

      Yes, but wait for the all clear by checking Last Pass or CNET

      1. TIMETRAVELER2 profile image99
        TIMETRAVELER2posted 4 years agoin reply to this

        If you use Chrome they just added an extension that , if installed, will automatically display if you are on a site that is not safe.  It is not displaying on Pinterest, Hub Pages, FB or some of the others I mentioned earlier.

  5. JDubya profile image81
    JDubyaposted 4 years ago

    In a nutshell, here's what happens when this bug is exploited ... https://xkcd.com/1354/

  6. Anna Marie Bowman profile image89
    Anna Marie Bowmanposted 4 years ago

    And I just changed all my passwords about a month ago, after I had a personal issue...here I go again...

Closed to reply
 
working

This website uses cookies

As a user in the EEA, your approval is needed on a few things. To provide a better website experience, hubpages.com uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at: https://hubpages.com/privacy-policy#gdpr

Show Details
Necessary
HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
LoginThis is necessary to sign in to the HubPages Service.
Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
AkismetThis is used to detect comment spam. (Privacy Policy)
HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the googleapis.com or gstatic.com domains, for performance and efficiency reasons. (Privacy Policy)
Features
Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
MavenThis supports the Maven widget and search functionality. (Privacy Policy)
Marketing
Google AdSenseThis is an ad network. (Privacy Policy)
Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
Index ExchangeThis is an ad network. (Privacy Policy)
SovrnThis is an ad network. (Privacy Policy)
Facebook AdsThis is an ad network. (Privacy Policy)
Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
AppNexusThis is an ad network. (Privacy Policy)
OpenxThis is an ad network. (Privacy Policy)
Rubicon ProjectThis is an ad network. (Privacy Policy)
TripleLiftThis is an ad network. (Privacy Policy)
Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
Statistics
Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)