• Welcome to Phoenix Rising!

    Created in 2008, Phoenix Rising is the largest and oldest forum dedicated to furthering the understanding of and finding treatments for complex chronic illnesses such as chronic fatigue syndrome (ME/CFS), fibromyalgia (FM), long COVID, postural orthostatic tachycardia syndrome (POTS), mast cell activation syndrome (MCAS), and allied diseases.

    To become a member, simply click the Register button at the top right.

Warning! The BBC have just announced that all security sites on the web are compromised

Countrygirl

Senior Member
Messages
5,429
Location
UK
I have just heard on the BBC 24-hour news that a 'catastrophic' flaw has been discovered that makes all our passwords available to hackers, especially. sites with the padlocked symbol. Patches are going to be applied and then we will need to change our passwords. Meanwhile, all padlocked sites are at risk,so be very cautious. \even if you change your password now that too will be vulnerable.

I hope none of us is a victim. Watch your financial accounts carefully..


C.G.
 
Last edited:

Sean

Senior Member
Messages
7,378
1. Don't panic. Yes, it is a major security flaw. But there is very little you, the average user, can do about it (directly).

2. However, you can check if a secure connection (https, the one with the little padlock symbol) is compromised. To check the secure connection for a site, go to Heartbleed or SSL-Test and enter the url address of the site you wish to check. It will tell you if it has been secured.

Please note that this only tests secure connections (https type), not standard unsecured connections (http). Not all sites use a secure connection.

There are also different types of secure connection, this problem is only with https, also known as SSL or TLS.

3. There is no point in changing your passwords on any site until that site's servers have been secured against this problem. It is happening rapidly worldwide as we speak, and most sites have probably already been secured, especially critical sites like banks, government departments, major businesses, etc. I will bet virtually 100% of them were done within a day or so.
 

Ambrosia_angel

Senior Member
Messages
544
Location
England
We've always been vulnerable to hackers. The only way to ever prevent it is to not use the internet. Scaremongering to be honest. I wonder how many months they kept this supposed new information.
 

Ambrosia_angel

Senior Member
Messages
544
Location
England
Not sure when it was first spotted, but it has been on the loose for about 2 years.
I think everybody needs to know that the internet is never private or safe. If the government can access everything why can't joe bloggs? A lot of these hackers have government given knowledge or have worked with people high in the telecommunications industries to learn how to hack.
 

Sean

Senior Member
Messages
7,378
I think everybody needs to know that the internet is never private or safe.

Indeed. There are only degrees of relative privacy and safety online.

I am not too concerned about this latest security problem, mainly because it was out in the wild for so long, but we have not seen any consequences. If it had already been exploited on any significant scale we would almost certainly have already seen the consequences. But so far, nothing, that I know of.

Given there is no serious exploitation of it, then it is probably a good thing it happened, wake people up a bit.
 

TigerLilea

Senior Member
Messages
1,147
Location
Vancouver, British Columbia
I have just heard on the BBC 24-hour news that a 'catastrophic' flaw has been discovered that makes all our passwords available to hackers, especially. sites with the padlocked symbol. Patches are going to be applied and then we will need to change our passwords. Meanwhile, all padlocked sites are at risk,so be very cautious. \even if you change your password now that too will be vulnerable.

I hope none of us are a victim. Watch your financial accounts carefully..


C.G.

The "Heartbleed" bug has been around for two years now. They have only just recently detected it.