Hi Everyone. Well, after 15 years the RV-Dreams Community Forum is coming to an end. Since it began in August 2005, we've had 58 Million page views, 124,000 posts, and we've spent about $15,000 to keep this valuable resource for RVers free and open. But since we are now off the road and have settled down for the next chapter of our lives, we are taking the Forum down effective June 30, 2021. It has been a tough decision, but it is now time.


We want to thank all of our members for their participation and input over the years, and we want to especially thank those that have acted as Moderators for us during our amazing journey living and traveling in our RV and growing the RV-Dreams Family. We will be forever proud to have been founders of this Forum and to have been supported by such a wonderful community. Thank you all!!

Members Login
Username 
 
Password 
    Remember Me  
Post Info TOPIC: About the Heartbleeds Hack


RV-Dreams Family Member

Status: Offline
Posts: 1248
Date:
About the Heartbleeds Hack


From my techno-geek husband, about the hack you've probably been hearing about on the news.....

 

OK: I am keeping this non-technical.

The Bottom line is that a key program used by EVERYONE (google/microsoft/yahoo), etc.. got hacked.   and they JUST discovered it after 2 YEARS!!! *
 
What to do:

Today:

  •  ABSOLUTELY NOTHING today, unless you are running a SSL server. (most likely This means almost NO-ONE... ^
Later this week:
  • Go to EVERY single site you use.  Change ALL of your passwords!  NO, I am serious.  They are ALL compromised!!  #
 
Ramifications:
This is the ABSOLUTE largest hack in history.  If you were to take every single credit card breach in the past 5 years, add them up, and then triple the number, it's not even close to the amount of possible passwords that are now vunerable.
 
Remember, don't do anything today.  Unless THEY updated THEIR servers, it wont matter. Waiting a few days is best.


What this means: (technical stuff)
 
*  Technical junk: OpenSSL (a free and openly developed Secure Socket Layer) protocol and server was HACKED.

^ and if ARE  running UBUNTU, it still isn't patched as of 3PM eastern time Wednesday see here for latest info if YOU are running a ubuntu server

# The reason you are waiting a few days is so that Google, Microsoft, and everyone else patches this BEFORE you go through
the effort to change your password!



__________________

Cheryl B. in her new RV

(well, not new any more! Full timing since 6/25/14)

2008 DRV MS 36TKBS3 (the CoW: Castle on Wheels), 2005 Ford F550 hauler (the Bull)

My blog is http://mitcheryl-rv-journey.blogspot.com/

My business: www.AZAdminSolutions.com



RV-Dreams Family Member

Status: Offline
Posts: 446
Date:

Let us know when we can change our info. Thanks, Cheryl.


__________________

 

sun.gifJo & Craig: Class of 2014!

http://itsourmomentintime.wordpress.com/

Life isn't about how you survived the storm, it's about how you danced in the rain!

2016 Lifestyle Luxury 39FB

2015 Ford F350 Dually Longbed (It's awesome!)



RV-Dreams Family Member

Status: Offline
Posts: 1395
Date:

Thanks for the info!!! Sometime technology is just a royal Pain!!!! I get used to using different passwords and then---it seems to have start from scratch again!! Maybe I should get all your addresses and us Snail Mail!!! LOL!

__________________

Life is too short. Live it Now!

Currently at Shady Acres RV Park   Lebanon; Tennessee

http://1Irishrover.blogspot.com

 



RV-Dreams Family Member

Status: Offline
Posts: 3721
Date:

From http://rickpaulettervjournal.blogspot.com/2014/04/heartbleed-security-flaw-what-you.html:
---
Yahoo seems to be most affected. Facebook, Google, and Twitter's Web sites appear to be safe. Yahoo said that it has "successfully made appropriate corrections" to the main Yahoo properties: Yahoo Homepage, Search, Mail, Finance, Sports, Food, Tech, Flickr and Tumblr. Still, a Yahoo spokesperson said the company is still working to make the fix across the rest of the Yahoo sites.

----

I am not that worried.  I did install the Chromebleed extension to Chrome, since I use Chrome.



__________________

Bill Joyce,
40' 2004 Dutch Star DP towing an AWD 2020 Ford Escape Hybrid
Journal at http://www.sacnoth.com
Full-timing since July 2003



RV-Dreams Family Member

Status: Offline
Posts: 3721
Date:

Here is a list of sites that were tested on April 8th - https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt.  Yahoo sites are the main worry, which is normal.  Most other important sites were not vulnerable.  



__________________

Bill Joyce,
40' 2004 Dutch Star DP towing an AWD 2020 Ford Escape Hybrid
Journal at http://www.sacnoth.com
Full-timing since July 2003



RV-Dreams Community Member

Status: Offline
Posts: 4
Date:

Heartbleed is actually not a "hack" — it's a vulnerability. The extent of compromise of the vulnerability (how much it was hacked) is unknown.

It's one heck of a vulnerability.

 

Details here:

http://heartbleed.com/



-- Edited by bugsplatter on Thursday 10th of April 2014 01:57:03 PM

__________________

 - Rich

2013 Fleetwood Bounder 33C

 



RV-Dreams Family Member

Status: Offline
Posts: 2950
Date:

money.cnn.com/2014/04/10/technology/security/heartbleed-passwords/index.html

__________________

 1998 ...Harney Renegade DP  class A

rers1@mail.com

 

My Service dog and life partner " Nikki"......Klee Kia Miniature Husky....(she Runs the ship!!)

We are not lost in the Woods.....Just Extreme boondocking!!!!!!



RV-Dreams Family Member

Status: Offline
Posts: 813
Date:

It isn't nearly as catastrophic as the news would have you believe. Sure, it's a vulnerability and needs to be patched…but the actual likelihood of your passwords being compromised is very, very low. The biggest likelihood is that the SSL keys for the server could have been compromised and thus a bad guy could impersonate the server…although there's a lot more to this than just getting the SSL keys.

Did I go and change my passwords on affected sites after they were patched? Sure, but then I periodically change them anyway.

Am I (or you) at serious risk? Unlikely at best.

Use decent passwords, don't reuse them on different sites, and monitor your credit and bank accounts frequently.

If anybody is interested in decent passwords and how to create and/or remember them say so and I'll go into more detail as this used to be my business before I retired.



__________________
Page 1 of 1  sorted by
 
Quick Reply

Please log in to post quick replies.

Tweet this page Post to Digg Post to Del.icio.us