SINGAPORE EXPATS FORUM
Singapore Expat Forum and Message Board for Expats in Singapore & Expatriates Relocating to Singapore
Heartbleed: Please change your passwords of affected sites
- the lynx
- Governor
- Posts: 5281
- Joined: Thu, 09 Dec 2010 6:29 pm
- Location: Location: Location: Location: Location: Location: Location: Location: Location: Location: Location:
http://mashable.com/2014/04/09/heartble ... -affected/
Namely, Facebook, Google, Yahoo!, Dropbox, Soundcloud, Box etc. Other sites are either not affected or not confirmed of status.
They are just big providers and I bet you used also dozens of small providers. The problem is on the server side so whenever you used the ssl (tls) connection for buying something or handling sensitive data it might have been possible to capture it, be it on the FB giant or a single person run online-shop using the open-ssl implementation.
BTW, I wonder how the local banks are doing. IMHO it would be completely devastating for their reputation if they used such open implementation but on the other hand I would not be that surprised some of them did or do.
Yes I appreciate the impact could be much deeper, just my cheap shot at social web sites
It's not only here I could be attacked. I took a look at the document where I store all my account details be it a bank, Tesco club card or airline loyalty. I have 49 accounts all with card numbers or user names and passwords. I have to keep a record because I cannot possibly remember them all even having, as far as possible, replicated the same details across accounts (the worst thing you can do of course!).
We are so open to attack these days because we can no longer keep the PIN or password or account details in our heads; the numbers to remember have increased exponentially.

- sundaymorningstaple
- Moderator
- Posts: 39766
- Joined: Thu, 11 Nov 2004 1:26 pm
- Location: Retired on the Little Red Dot
Local banks sites DBS, OCBC, StanChart are okay (I've not checked any others). Same for my US bank/CCs. But I've changed them all and Google Drive, Google+, Dropbox. Will get to the others as they crop up and I see okay's posted.
Remember, even if a site is okay, if you happened to use the same password as was used on a susceptible site, you still need to change it on the secure site as well.
SOME PEOPLE TRY TO TURN BACK THEIR ODOMETERS. NOT ME. I WANT PEOPLE TO KNOW WHY I LOOK THIS WAY. I'VE TRAVELED A LONG WAY, AND SOME OF THE ROADS WEREN'T PAVED. ~ Will Rogers
> sundaymorningstaple wrote:
> Local banks sites DBS, OCBC, StanChart are okay (I've not checked any others). Same for my US bank/CCs. But I've changed them all and Google Drive, Google+, Dropbox. Will get to the others as they crop up and I see okay's posted.
> Remember, even if a site is okay, if you happened to use the same password as was used on a susceptible site. You still need to change it on the secure site as well.

Thanks. Looks like the internet banking scene here are not using OpenSSL. There are tools in the below link to check specific sites for vulnerability to the bug:
http://sgtechtrooper.blogspot.sg/2014/0 ... apore.html
- sundaymorningstaple
- Moderator
- Posts: 39766
- Joined: Thu, 11 Nov 2004 1:26 pm
- Location: Retired on the Little Red Dot
> WillF wrote:
>> sundaymorningstaple wrote:
>> Local banks sites DBS, OCBC, StanChart are okay (I've not checked any others). Same for my US bank/CCs. But I've changed them all and Google Drive, Google+, Dropbox. Will get to the others as they crop up and I see okay's posted.
>> Remember, even if a site is okay, if you happened to use the same password as was used on a susceptible site. You still need to change it on the secure site as well.
> Thanks. Looks like the internet banking scene here are not using OpenSSL. There are tools in the below link to check specific sites for vulnerability to the bug:
> http://sgtechtrooper.blogspot.sg/2014/0 ... apore.html

It is pretty useless. It only tells you if it is vulnerable NOW but even if it is not, it still could have been just a while ago and your password might have been compromised.
...and if you are unlucky you could get accused for an attempt of hacking a site.
- Strong Eagle
- Moderator
- Posts: 11504
- Joined: Sat, 10 Jul 2004 12:13 am
- Location: Off The Red Dot
- Contact:
> x9200 wrote:
>> Strong Eagle wrote:
>> @zzm - is it really a buffer overrun exploit? I thought these kinds of things would have been patched up years ago.
> Technically it just reads too much without modifying anything in memory. Buffer overflow writes over some data often to execute specific tasks.

It's really the same difference, though, isn't it. Any given data field that has been malloc'ed contains the length of the field. Anything asking for more, could, and should be rejected. Seems like a big coding oversight.
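The over-read discussed in the posts above, as an added example that is not part of the thread and is not OpenSSL's code: a simplified TLS heartbeat responder (message layout per RFC 6520) run with and without the length check. The names `hb_respond`, `demo` and `demo_out` and the sample data are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HDR      3   /* type (1 byte) + payload_length (2 bytes) */
#define HB_MIN_PAD  16  /* minimum padding required by RFC 6520 */

static uint8_t demo_out[64];  /* response buffer filled by demo() */

/* Returns bytes written to out, 0 if the request is silently discarded,
 * -1 if out is too small. rec_len is what actually arrived on the wire. */
static long hb_respond(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap, int check_length)
{
    if (rec_len < HB_HDR || rec[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The check that was missing: the claimed payload must fit in the record. */
    if (check_length && HB_HDR + claimed + HB_MIN_PAD > rec_len)
        return 0;
    if (HB_HDR + claimed > out_cap)
        return -1;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, claimed); /* trusts the sender's length */
    return (long)(HB_HDR + claimed);
}

/* Constructed demo: the record carries 2 payload bytes ("hi") plus padding and
 * sits in a larger arena next to unrelated data, so no real out-of-bounds read. */
static long demo(int check_length, uint16_t claimed)
{
    uint8_t arena[64] = {0};
    const size_t rec_len = HB_HDR + 2 + HB_MIN_PAD;       /* 21 bytes received */
    arena[0] = HB_REQUEST;
    arena[1] = (uint8_t)(claimed >> 8);
    arena[2] = (uint8_t)(claimed & 0xff);
    memcpy(arena + HB_HDR, "hi", 2);
    memcpy(arena + rec_len, "SESSION-SECRET", 14);        /* neighbouring data */
    return hb_respond(arena, rec_len, demo_out, sizeof demo_out, check_length);
}

int main(void)
{
    printf("unchecked, claims 32: %ld bytes sent\n", demo(0, 32));
    printf("checked,   claims 32: %ld bytes sent\n", demo(1, 32));
    return 0;
}
```

Without the check, the response to a request claiming 32 payload bytes includes the neighbouring data; with it, the request is dropped and nothing is sent.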
http://www.bloomberg.com/news/2014-04-1 ... umers.html
The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.