Old 04-09-2014, 08:48 AM   #1
Bramblethorn
Time to change your passwords

For those who haven't already seen, there's a hideous bug in one of the common implementations of SSL (used to keep your web traffic secure... when it works). The bug was present in code for a couple of years. It's unknown whether any of the Bad Guys were aware of this before it was publicly announced, but they certainly know now and you can bet they're scrambling to take advantage of it.

I'm not an IT security pro, but there's a good summary of the issue here.

For those who aren't running websites themselves, some things to do:

Use this tool to check the security of any website that has confidential information of yours. If they're vulnerable, nag them to fix it ASAP. (NB: in some jurisdictions it may be illegal to use tools to test for vulnerabilities, because lawmakers are idiots.)

NB: The tool above only checks whether they're currently using a vulnerable version of SSL. If they have updated but were previously vulnerable, it's possible that their security certificates were compromised; if this is the case they'll need to update certificates. (You should be able to check the issue date of a certificate via your browser; here's how to do it in Firefox and IE.)

If you're using Chrome, make sure your preferences are set to check for revoked certificates (see first link above for instructions). Unfortunately this is off by default in Chrome; I think FF and IE have it on by default.

Once the site and certificates check out OK and NOT before, change your passwords. Until then, avoid transmitting anything you want to keep secret.

Keep an eye out for any signs of unauthorised activity on bank accounts etc.

Watch out for phishing scams: you may well get emails saying "your password has been compromised, click here to reset it". Don't fall for it. Type in the website address yourself.

Be very nice to anybody you know who is in IT security; they're having a bad week.

(And if I have any of this info wrong, please correct me!)

Last edited by Bramblethorn : 04-09-2014 at 09:13 AM.

Old 04-09-2014, 09:06 AM   #2
Zeb_Carter
This may explain why my FTP access was shut down for my websites. My provider said they were working on the problem and they would inform me when it was back up, but they didn't mention the heartbeat problem. I'll have to ask now.

Old 04-09-2014, 10:25 AM   #3
_Lynn_
For the computer illiterate people like me in the world, I have no clue what any of that means or what I'm supposed to do, if anything.

I know, I know. I should learn more about this stuff. And I am trying.

Old 04-09-2014, 05:00 PM   #4
Bramblethorn
Quote:
Originally Posted by _Lynn_ View Post
For the computer illiterate people like me in the world, I have no clue what any of that means or what I'm supposed to do, if anything.

I know, I know. I should learn more about this stuff. And I am trying.
Yeah, it's not a simple issue :-/ OK, I'll see if I can make this more user-friendly.

Step 1: make a list of websites where you send confidential information. The main risk here is financial stuff: web banking, utility companies, etc etc.

Ideally, all these companies should be contacting YOU and telling you whether they're vulnerable and what you need to do about it. But most of them probably won't, so...

Step 2: go to this website and paste in the URLs for each of those confidential websites. By now, they should have patched the SSL vulnerability, and you should get an "all good" message.

If you get a "something went wrong" message it probably still means they've patched. But if you get a red warning message, you should avoid giving them confidential information (don't log in until the problem is fixed - use phone banking etc) and you probably want to call them up and nag them to fix it.

Step 3: once you've confirmed that they're patched (or getting a "something went wrong", probably good enough) wait a couple of days and then change your password for that site. Do this for every site on your list. If you have some spare time on the weekend, set aside half an hour or so for password changes.

(If you have the know-how, this is where you'd be checking SSL certificates. But by the weekend, most companies who are going to fix up their certificates will have done so.)

Step 4: keep an eye on bank/credit card statements and watch out for anything suspicious, especially over the next couple of months.

Step 5: Be very wary of any email you get that reads like this:

"This is **** Bank alerting you that your account has been compromised by the Heartbleed bug. Please click on this link to update your details and change your password."

If you get a message like that, it may well be a "phishing" attempt - somebody trying to steer you to a fake website and get you to give them your password. Don't click on links in emails like this.
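The certificate check mentioned in posts #1 and #4 (confirm the site is patched, then look at the certificate's issue date before changing a password), written out as an added example that is not part of the original thread. It assumes the Heartbleed public disclosure date of 7 April 2014; the two certificate records are constructed samples, and the function names are hypothetical.

```python
import socket
import ssl
from datetime import datetime, timezone

# Assumption: Heartbleed was publicly disclosed on 7 April 2014 (UTC).
DISCLOSURE = datetime(2014, 4, 7, tzinfo=timezone.utc)

# Constructed samples in the shape returned by SSLSocket.getpeercert().
OLD_CERT = {"notBefore": "Mar 15 00:00:00 2013 GMT", "notAfter": "Mar 15 23:59:59 2015 GMT"}
NEW_CERT = {"notBefore": "Apr 10 00:00:00 2014 GMT", "notAfter": "Apr 10 23:59:59 2015 GMT"}


def fetch_cert(host, port=443, timeout=10):
    """Fetch and validate a live site's certificate (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def cert_time(cert, field):
    """Parse notBefore/notAfter into a timezone-aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert[field]), tz=timezone.utc)


def advice(site_patched, cert, now=None):
    """Map the thread's two checks (site patched, certificate date) to an action."""
    now = now or datetime.now(timezone.utc)
    if not site_patched:
        return "wait: site still reports as vulnerable"
    if now > cert_time(cert, "notAfter"):
        return "wait: certificate has expired"
    if cert_time(cert, "notBefore") < DISCLOSURE:
        # A reissued certificate may keep its old start date, so this is a
        # prompt to ask the site, not proof that the old key is still in use.
        return "ask: certificate predates the disclosure"
    return "change password"


if __name__ == "__main__":
    today = datetime(2014, 4, 12, tzinfo=timezone.utc)  # fixed date for the demo
    for name, cert in (("old", OLD_CERT), ("new", NEW_CERT)):
        print(name, "->", advice(True, cert, today))
```

For a live site, pass the result of `fetch_cert("example.com")` (placeholder hostname) to `advice` in place of the sample records.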

Old 04-09-2014, 08:16 PM   #5
_Lynn_
Thanks, I'll follow through.

I spent the last four hours ridding the laptop of . . . something . . . I picked up searching for a PowerPoint template from a site I've used before.

So my brain is fried.

Old 04-09-2014, 08:44 PM   #6
RejectReality
Quote:
Originally Posted by _Lynn_ View Post
Thanks, I'll follow through.

I spent the last four hours ridding the laptop of . . . something . . . I picked up searching for a PowerPoint template from a site I've used before.

So my brain is fried.
It wasn't the fake Windows Defender, was it?

Because I had a prompt come up trying to fool me into clicking it today, and it was on a site I'm on almost daily, which I consider beyond reproach.

Fortunately, I knew not to touch it. Closed it with task manager, and came up with clean scans afterwards.

Old 04-09-2014, 08:47 PM   #7
_Lynn_
Quote:
Originally Posted by RejectReality View Post
It wasn't the fake Windows Defender, was it?

Because I had a prompt come up trying to fool me into clicking it today, and it was on a site I'm on almost daily, which I consider beyond reproach.

Fortunately, I knew not to touch it. Closed it with task manager, and came up with clean scans afterwards.
Nope, I know not to touch those. It was called MySearchDial . . .

Old 04-09-2014, 08:54 PM   #8
RejectReality
Still makes me wonder if one of the major ad servers didn't get hacked, even though it wasn't the same malware. That's a logical place to look when otherwise safe sites suddenly have nasties.

Old 04-09-2014, 09:06 PM   #9
_Lynn_
Quote:
Originally Posted by RejectReality View Post
Still makes me wonder if one of the major ad servers didn't get hacked, even though it wasn't the same malware. That's a logical place to look when otherwise safe sites suddenly have nasties.
I try to be careful of where I go but it happens. I lost my PC to a trojan last year.

All times are GMT -4. The time now is 08:40 PM.

Copyright 1998-2013 Literotica Online. Literotica is a registered trademark.