• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

have you changed your password yet?

 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34208
341
Eclipse IDE Java VI Editor
 
Bert Bates
author
Sheriff
Posts: 8898
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I DO NOT claim to know what the best course of action is for an individual. I did read something about how it might be best to not change your passwords until the site in question has declared a fix. It had something to do with recently changed passwords being more likely to be found in recent caches?

Again, not sure, does anyone know more?
 
margaret gillon
Ranch Hand
Posts: 335
6
Linux Tomcat Server Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Using the list that Jeanne posted is the best answer I've seen so far. It seems safe to change passwords on the sites that have applied the patches. Hopefully the list will continue to be updated.

The Heartbleed checkers are vague on sites that don't use OpenSSL at all or sites that are blocking the vulnerability test because they are being bombarded.

Here is one checker
http://filippo.io/Heartbleed/#fatcow.com

This question was also raised here:
http://www.coderanch.com/t/631935/Security/Heartbleed-Bug-vulnerability-popular-OpenSSL

Jeanne was javaranch.com / coderanch.com using the vulnerable OpenSSL and is it patched ?
 
Jesper de Jong
Java Cowboy
Saloon Keeper
Posts: 15216
36
Android IntelliJ IDE Java Scala Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've changed the passwords for the accounts I use most. Don't know if it was really necessary or not, but it's a good idea anyway to change your passwords every now and then.
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34208
341
Eclipse IDE Java VI Editor
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bert Bates wrote:I DO NOT claim to know what the best course of action is for an individual. I did read something about how it might be best to not change your passwords until the site in question has declared a fix. It had something to do with recently changed passwords being more likely to be found in recent caches?

Again, not sure, does anyone know more?

I don't know about the cache, but I'm waiting until they announce a fix. If for no other reason that I'll just have to change it again once they do announce a fix. Given they are still vulnerable and all.

The Ranch has now changed all of it's own gmail passwords. I've changed my personal ones for a number of sites. (hoping I don't forget all my passwords now.) Luckily, I use two factor authentication for gmail so was never exposed there.

I also took this opportunity to set up two factor for github. For reference, here are the sites with two factor enabled.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic