Epic OpenSSL Security Flaw (affects Yahoo users, among others)


Posted

See the following article:

http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/

The short of it is that if you used Yahoo or any other vulnerable site in the past, it's possible that your password (and other confidential data) has been stolen. I actually had my Yahoo email contact list stolen, and the culprits have been sending spoof emails from that address to people on my contact list.

Could be time to update passwords and actually start using 2-factor authentication.

Posted

I did a search and didn't find any financial websites affected. Does anyone know if that's indeed the case?

(I tried this script https://gist.github.com/takeshixx/10107280 on various sites that I use and didn't find any that were affected, though maybe they have patched things already by the time I got around to it)

Probably safer to just change all passwords, after first confirming that the site/service you are using does not have this vulnerability anymore.

Posted

More info: http://heartbleed.com/

I'm not sure why Yahoo is singled out, especially since a Google engineer found this, thus identifying an opening they had running for a long time on their own servers. Basically every website out there uses OpenSSL, including all of the banks and financial institutions. Change your passwords! And even better, use multi-factor authentication when available.
