Can someone explain the Heartbleed vulnerability?

Should we stop online activity? Sounds very serious.

Thanks!

From what I have read, it lets malicious people “fish” randomly for data in a server’s memory. It can be done many times, so it’s such a big issue. If you “fish” enough, you may end up with the login/password database. Decrypting it is only a matter of time.

One of the many stories is here (this one is a bit of a call for calm):

This website has a list of vulnerable/not-vulnerable sites (not exhaustive). You can use the find dialog box on your browser to search for sites of importance to you.
https://github.com/musalbas/heartbleed-masstest/blob/master/top10000.txt

There is also a link to check whether a particular site is vulnerable, but I haven’t tried it yet.
http://filippo.io/Heartbleed/?_ga=1.90522066.936347536.1397100096

The sites of most importance to me came back as not vulnerable.

http://heartbleed.com/

The bug is exercised by sending a malformed heartbeat request to the server in order to elicit the server’s memory response. Due to a lack of bounds checking, OpenSSL never verified that the heartbeat request was valid, allowing attackers to bring about inappropriate server responses.
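As an added illustration of the missing bounds check described above (constructed demo code, not OpenSSL's source and not from this thread): a simulated heartbeat handler with the pre-fix logic beside one carrying the length check the fix added, both run over a constructed memory arena in which a 5-byte record sits next to secret data. The `simulate` driver, the `SECRET` string and the 5-byte record layout are assumptions of the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed arena standing in for a heap: a 5-byte heartbeat record (type, 2-byte
 * length, 2-byte payload) followed by data that must never leave the process. */
#define ARENA_LEN 64
#define RECORD_LEN 5
static const char SECRET[] = "SECRET-SESSION-COOKIE-0123456789-MORE-SECRETS";

static void build_arena(uint8_t *arena, uint16_t claimed_len) {
    memset(arena, 0, ARENA_LEN);
    arena[0] = 1;                            /* heartbeat_request */
    arena[1] = (uint8_t)(claimed_len >> 8);  /* peer-controlled length field */
    arena[2] = (uint8_t)(claimed_len & 0xff);
    arena[3] = 'h'; arena[4] = 'i';          /* the only payload actually sent */
    memcpy(arena + RECORD_LEN, SECRET, sizeof SECRET - 1); /* neighbouring memory */
}

/* Pre-1.0.1g logic: trusts the length field and never checks it against rec_len. */
static size_t heartbeat_unpatched(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    memcpy(out, rec + 3, payload);           /* reads on past the 5-byte record */
    return payload;
}

/* The added check (simplified; OpenSSL's also accounts for 16 bytes of padding):
 * the claimed payload must fit inside the record that was actually received. */
static size_t heartbeat_patched(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    if (rec_len < 3) return 0;
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)1 + 2 + payload > rec_len) return 0;  /* silently discard */
    memcpy(out, rec + 3, payload);
    return payload;
}

/* Hypothetical driver (not OpenSSL's): returns how many bytes the handler echoes. */
size_t simulate(int patched, uint16_t claimed_len, uint8_t *out) {
    uint8_t arena[ARENA_LEN];
    if (claimed_len > ARENA_LEN - 3) return 0;   /* keep the demo inside the arena */
    build_arena(arena, claimed_len);
    return patched ? heartbeat_patched(arena, RECORD_LEN, out)
                   : heartbeat_unpatched(arena, RECORD_LEN, out);
}

int main(void) {
    uint8_t out[ARENA_LEN];
    printf("unpatched echoed %zu bytes: hi%.38s\n", simulate(0, 40, out), (char *)out + 2);
    printf("patched echoed %zu bytes\n", simulate(1, 40, out));
    return 0;
}
```

The unpatched handler echoes 40 bytes of which only 2 were ever sent; the patched one discards the same request and only answers a request whose claimed length fits the record.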

http://ftp.belnet.be/FOSDEM/2014/Janson/Sunday/NSA_operation_ORCHESTRA_Annual_Status_Report.webm

This might help somewhat.

User-friendly explanation by XKCD:

Great graphic, ryansoh3!

Answer: Only if you want to. The rest of us will thank you for the bandwidth you won’t be using. The SAFE answer is, don’t put anything REAL about yourself anywhere online (including banks, Google, the government, etc.) except that which you would paint on a 4*8 sheet of plywood & go walking around the local mall with.

If you don’t want each and every one of us to see it (only not-seen by those who choose not to look), then do not EVER allow it to be sent, saved, copied, etc. online. Yes, that includes E-mail and “secure” sites!! (That “https:” protocol designation simply draws attention to your stuff, and there are people who can break “https” with nothing but their fingers and brains.)

Easy-peasy.

What to do if you’ve already E-mailed/posted/blogged/whatever… some personal information? Learn to love being naked in public. Sorry. That’s Truth for you.

Think of it this way: The Internet was created by the lowest bidder, a bunch of 1960s-era college kids, to be able to survive Global Thermonuclear War. It interprets “censorship” or “security” as “damage” and simply routes around it.

Please try to put your beliefs aside and understand this clearly:

There.
Is.
No.
Such.
Thing.
As.
Security.
On.
The.
Internet.
ANYWHERE!

Anyone who tells you otherwise is simply trying to lure you into exposing yourself in PUBLIC.

Got it?
H)

And with Mass Panic stirred up by this “news”, there is an extremely-much higher chance that they’ll now catch an Admin-level password reset.

Best defense: No Be There!

EDIT: PS: I knew you weren’t trying to say “phish”. Your use of the word “fish” is correct in your context!! I was trying to remind everyone that the easiest way to get your password is to simply present myself as someone you already fear or trust & just demand it.

Agreed that security is mostly an illusion. And for the few times it isn’t, you the user are the weak link in the chain. I just go through life assuming that everyone already knows everything they want to know about me. Try to steal from me, sue me, do your worst, Internet.

Years ago my daughter was watching me replace the front door on our house, and she noticed that my saw cut through the 8 nails holding the door in about the same time it would take to put the key in the lock and actually open the door. She said “the lock on the door isn’t keeping us very safe, is it?” and I said “nope!” She asked if the lock/door wasn’t keeping us safe, then what was? My answer was “I’m keeping you safe” which seemed to make her feel better.

Also, there is evidence that the NSA not only knew about Heartbleed for years, they’ve been actively exploiting it as opposed to keeping us safe by plugging it when they found out. One of their stated missions is to protect American networks from outside attack. Uh huh. To serve man, it’s a cookbook. So it would be prudent to assume that there are X amount of unknown vulnerabilities at any given time which are being actively exploited not only by those we consider enemies, but by those we never considered.

So if you want to be paranoid, there is probably plenty of good reason. My advice has always been just do what you can do and don’t obsess about all the dangers in the world because it’s pointless to worry. Good or bad, meet the world head on.

The NSA used to help with encryption, and some other things. Not anymore, now they are too far gone into national socialist activities to be of any real good.

Too often a bump key or a couple hard kicks at the latch can do it as well. No lockpicking skill or anything. But locks help keep the semi-honest honest.

How old was your daughter?

She was 9 or 10 at the time. She’s 25 now and married. It was a good bonding moment and a good teaching moment. Humans are both the biggest help and threat to security. If we are safe, it’s not directly because of inanimate objects, though it doesn’t hurt to have the right objects. But the biggest danger we all face is the human mind. I don’t ever see that changing.

Great reference. And observation about how public “service” continues to morph …

“To Serve Man”… SWMBO & I count that TZ episode as one of our top one or two favorites!

But LISTEN.

If you crave SECURITY…

Remember!

The places we put the Very Worst people society has to offer — our meanest, hate-addicted, least useful, most worthless human beings…

We call those places:

“MAXIMUM Security”!

I’m sorry, but that’s just false, and a misleading assertion.

HONOR keeps honest people honest.

Locks just make frightened people believe they can feel “safe”, alone in their little boxes.

If you knew how easy they all actually are to pick, you’d go out & make sure everyone near you is a Trusted Friend.

Enough of that kind of nonsense & we won’t need locks anymore!

To Serve Man and It's a Good Life with Billy Mumy are my two favorite Twilight Zone episodes. That said, LastPass prompted me to change my password on a few supposedly compromised websites including Google, which I did. I'm now safe according to LastPass.

Actually they protect you from the inept, the unskilled, those too stupid to learn… and there’s plenty of dangerous people who fit that bill. The vast majority of truly undesirable people fit that bill.

I have every episode of Twilight Zone ever recorded sitting on a file server. Great, great show. And it looks like almost everyone here is as old as me 🙂

The Heartbleed vulnerability coming to light should make us feel safer. A month ago only the bad guys knew about it and we were all blissfully ignorant. Knowledge is power. Shying away from the Internet now is like being afraid to leave your home after the Night Stalker has already been captured because you just found out he existed in the first place. The best time to have been paranoid was before this vulnerability was discovered. So we should rejoice that there is one less vulnerability in the wild. That only leaves X number left, with X probably being a very scary number.

I turn 62 on May 2nd. I get my first Social Security deposit on June 11th. I'm an old f**k lol! BTW, I also have a large collection of these old shows including Car 54, The Munsters, The Honeymooners, Leave It to Beaver… you name it, I probably have it.