
have you changed your password yet?

Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30580

A nice list of websites affected by the Heartbleed security issue.


Bert Bates
author
Sheriff

Joined: Oct 14, 2002
Posts: 8815
I DO NOT claim to know what the best course of action is for an individual. I did read something about how it might be best to not change your passwords until the site in question has declared a fix. It had something to do with recently changed passwords being more likely to be found in recent caches?

Again, not sure, does anyone know more?


Spot false dilemmas now, ask me how!
(If you're not on the edge, you're taking up too much room.)
margaret gillon
Ranch Hand

Joined: Nov 12, 2008
Posts: 318

Using the list that Jeanne posted is the best answer I've seen so far. It seems safe to change passwords on the sites that have applied the patches. Hopefully the list will continue to be updated.

The Heartbleed checkers are vague on sites that don't use OpenSSL at all or sites that are blocking the vulnerability test because they are being bombarded.

Here is one checker
http://filippo.io/Heartbleed/#fatcow.com

This question was also raised here:
http://www.coderanch.com/t/631935/Security/Heartbleed-Bug-vulnerability-popular-OpenSSL

Jeanne, was javaranch.com / coderanch.com using the vulnerable OpenSSL, and is it patched?
Jesper de Jong
Java Cowboy
Saloon Keeper

Joined: Aug 16, 2005
Posts: 14192

I've changed the passwords for the accounts I use most. Don't know if it was really necessary or not, but it's a good idea anyway to change your passwords every now and then.


Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30580

Bert Bates wrote: I DO NOT claim to know what the best course of action is for an individual. I did read something about how it might be best to not change your passwords until the site in question has declared a fix. It had something to do with recently changed passwords being more likely to be found in recent caches?

Again, not sure, does anyone know more?

I don't know about the cache, but I'm waiting until they announce a fix. If for no other reason than that I'll just have to change it again once they do announce a fix. Given they are still vulnerable and all.

The Ranch has now changed all of its own gmail passwords. I've changed my personal ones for a number of sites. (hoping I don't forget all my passwords now.) Luckily, I use two factor authentication for gmail so was never exposed there.

I also took this opportunity to set up two factor for github. For reference, here are the sites with two factor enabled.
 