News
Search Options ►Change your passwords
Site Update
We have been made aware of a devastating bug in SSL software, explained here. It is important that you change any passwords associated with sensitive information, such as banking passwords, PayPal, etc. just in case. Changing your passwords everywhere is probably a good choice!
Stay safe!
Posted by JAK
(#15) on Tue Apr 8, 2014 4:57pm
- ♥ Retta ♥
(#63)
-
Posted on: Wed Apr 9, 2014 10:13am
Thank you SO MUCH for passing the information along to your users! Its truly appreciated. Particularly with your mention of information sensitive sites like paypal and the like, since not everyone watches the news, and thus there are likely many people completely unaware of the issue.
- Bernie
(#20609)
-
Posted on: Wed Apr 9, 2014 10:22am
TYVM--changed
- SatanSama & Schezo
(#7634)
-
Posted on: Wed Apr 9, 2014 11:13am
ONLY CHANGE YOUR PASSWORDS IF THE SITE IS VULNERABLE AND FIXED. If the site is vulnerable and HAS NOT been fixed, DO NOT USE THE SITE. Continue to check and test the site to see if it has been patched, and once it has been, then you can go back to using it.
If you change your password on a vulnerable site, it's more likely to be picked up by attackers using this method as it is recent data!
- MissMally
(#473)
-
Posted on: Wed Apr 9, 2014 11:28am
It doesn't actually steal passwords. It has the ability to jump on a someone's log-in session and change things as them, but it doesn't know what your password is. It's really scary for the website but not directly dangerous to your passwords anyway. Like if Aywas was vulnerable they could do stuff to the site logged in as an admin, but they might not be able to get on again as that admin. (my hubby is a DevOps, which is a systems admin that also develops. He explained all that to me xD)
- Massago
(#39940)
-
Posted on: Wed Apr 9, 2014 11:38am
MissMally. I love your husband. Thank you for that little update.
- MissMally
(#473)
-
Posted on: Wed Apr 9, 2014 11:38am
OK, NM. It can, but not specifically? It can grab chunks of data that are supposed to be encrypted and it could be anything, it's random chance. So it can eventually fish up credit card numbers and passwords but it can't search for anything. I was getting two explanations mixed up. It's an exploit that can grab whatever output is going by in that particular vulnerable part. Most of the time it's just random junk data. It's very hard to get anything useful, but I'm sure people have tried long enough on bigger sites to eventually get something useful.
- MissMally
(#473)
-
Posted on: Wed Apr 9, 2014 11:42am
Though bigger sites have mostly fixed it pretty quickly, except Yahoo apparently
- Ash
(#57216)
-
Posted on: Wed Apr 9, 2014 12:51pm
UGH I hate this stuff! I'm so paranoid about my credit/banking accounts. I wish I understood stuff like this.
- Lunch & Obi
(#2021)
-
Posted on: Wed Apr 9, 2014 8:07pm
I just now changed my bank account password and I'm not changing my yahoo passwords again because I've done that so many times already. They're pretty strong passwords because I added all the necessary characters that needed to be in one for hackers not to get in my account again...I just have too many passwords to change and the only one I'm worried about is my banking info, so yeah...Thanks for this info though(especially MissMally's) and keeping us updated about it.
Posted on: Wed Apr 9, 2014 8:06am
Dang, that's scary. ;-;