Heartbleed: Serious OpenSSL zero day vulnerability revealed

Heartbleed OpenSSL Bug Reveals the True Cost of Open Source Software

 

Tnx Page42. I am going to install it too as this PC is a family computer.
I assume the scam emails have links in them. Had to warn the family not to click on any links in emails for password resets even if they think the email is from a genuine source. We have not received any password reset emails as yet.

 

“Heartbleed” – would 2FA have helped? | Naked Security

 

Handy graphic shows which sites are affected by Heartbleed

See: http://venturebeat.com/2014/04/12/a...e-because-of-heartbleed-in-one-handy-graphic/

 

Yer welcome. I may install it as well. Post back here or on the extension thread what your experiences are with Chromebleed, if you would.

 

Private crypto keys are accessible to Heartbleed hackers, new data shows.

-- Tom

 

It works. I checked out a few sites that I have accounts with. One govt. site which is vulnerable is not accepting payments. One family member opened a news site (sunnewsnetwork) to see what they have to say about the local situation (local utilities, banks, ISPs etc.) and got an alert on the news site. Their website if vulnerable. . We do not have an account with them. Still checking all the utilities sites as we converted over to e-billing over the past year.

 

Has anyone come across 1) a perl based reverse/client test script, and/or 2) A webserver known to be vulnerable and meant for testing?

 

2) cloudflarechallenge.com

 

Certificate Revocation and Heartbleed

 

Thanks MrBrian, I suppose I should have read more about the challenge when I heard of it

 

You're welcome .

Meanwhile, two more "winners" confirmed at http://blog.cloudflare.com/the-results-of-the-cloudflare-challenge.

 

Heartbleed – Reports from the Field

 

Just added the FoxBleed extension to firefox, but not sure it's working (supposedly similar to Chromebleed). Anyone know a vulnerable site that it could be tested on?

 

The current version of the Qupzilla browser is vulnerable to Heartbleed!
(V1.6.3 uses OpenSSL 1.0.1g)

 

Many Devices Will Never Be Patched to Fix Heartbleed Bug.

-- Tom

 

Heartbleed hackers grab 900 SIN numbers off Canadian Revenue Agency servers

http://montreal.ctvnews.ca/heartbleed-hackers-grab-900-sin-numbers-1.1774699

 

Linky if you want the extension of Firefox although I probably would not put too much stock in it. https://addons.mozilla.org/en-US/firefox/addon/foxbleed/

 

BBC News - Heartbleed hacks hit Mumsnet and Canada's tax agency

 

Understanding the Heartbleed Proof of Concept.

-- Tom

 

Parenting website Mumsnet hit by Heartbleed hacking bug | Technology | The Guardian

Heartbleed virus: Mumsnet has 'no idea' how many users hacked as it resets ALL passwords | Science & Tech | News | Daily Express