 Lord Percy World Chat Champion

Joined: 03 Aug 2012 Karma :  
|
 Posted: 15:53 - 10 Apr 2014 Post subject: The Heartbleed list: Passwords you need to change right now. |
 |
|
Biggest Internet security blunder ever, apparently.
Basically your passwords were possibly exposed for websites including Google, Yahoo, Apple, eBay and plenty more.
https://mashable.com/2014/04/09/heartbleed-bug-websites-affected/?utm_cid=mash-com-Tw-main-link
edit: just seen this in the geek zone forum but some people (eg myself) might not look there that often, so here it is as a 'current affair' too... |
 Ste Not Work Safe

Joined: 01 Sep 2002 Karma :    
|
 Posted: 16:01 - 10 Apr 2014 Post subject: |
 |
|
You mean you don't change your passwords regularly anyway?  |
 Rogerborg nimbA

Joined: 26 Oct 2010 Karma :    
|
 Posted: 16:58 - 10 Apr 2014 Post subject: |
 |
|
MINECRAFT!  ____________________ Biking is 1/20th as dangerous as horse riding.
GONE: HN125-8, LF-250B, GPz 305, GPZ 500S, Burgman 400 // RIDING: F650GS (800 twin), Royal Enfield Bullet Electra 500 AVL, Ninja 250R because racebike |
 - Super Spammer
Joined: 22 Oct 2013 Karma :     
|
 Posted: 13:33 - 11 Apr 2014 Post subject: |
 |
|
daemonoid wrote: |
It's an openSSL bug - https://www.openssl.org/ nothing to do with windows XP and for the most part it's only server side software that's affected |
For the most part?.....So PC side, nothing will need patching to meet the server side SSL patching then....fair enough, I did wonder.
daemonoid wrote: |
Yahoo could've been a target, but why anyone who knew about this before it was public would target them for email spam is beyond me. You can get into a whole load of other things, including online shops and a number of banks. |
The BT Yahoo thing has happened a few times over the last couple of years, I have customers who get hit every few months. Every so often thousands of their account logins get compromised and used to send spam. Around 1 in 10 emails from BT accounts is malicious.
There's clearly some money to be made in sending out large scale spam, otherwise people wouldn't go to all the effort in the first place.
https://www.pcpro.co.uk/news/security/382462/one-in-ten-emails-from-bt-accounts-is-malicious ____________________ TZR250 2MA road, TZR250 1KT road, TZR250 2MA race, TDR250, YZF-750R Boost colours.
Jaguar S Type 3.0 V6 Sport R, VW Transporter T5 GP LWB Shuttle 140ps DSG. |
 daemonoid World Chat Champion

Joined: 27 Jun 2008 Karma :    
|
 Posted: 14:18 - 11 Apr 2014 Post subject: |
 |
|
mpd72 wrote: | The BT Yahoo thing has happened a few times over the last couple of years, I have customers who get hit every few months. Every so often thousands of their account logins get compromised and used to send spam. Around 1 in 10 emails from BT accounts is malicious.
There's clearly some money to be made in sending out large scale spam, otherwise people wouldn't go to all the effort in the first place.
https://www.pcpro.co.uk/news/security/382462/one-in-ten-emails-from-bt-accounts-is-malicious |
Yeah, no doubt about that. It's just that the heartbleed bug gives you access to so much bigger scams.
Spam has happened way before and will continue way after this bug, but it's most likely, as Ridah says, auto compromised accounts - tricking people into giving their details. Even better, the fact that you're already sending spam means you can send out dodgy mails to ask unsuspecting users for their details.
I think the huge numbers coming from BT is because BT users are the least educated users. They haven't made any choices to get themselves connected, just stuck with the same old people who've provided their phone since forever. ____________________ current: ducati monster 750
past: hyosung gt250r, bajaj pulsar 180, hyosung gt 125 comet
@thomasgarrard | www.straitjkt.com | www.racingseven.com |
 - Super Spammer
Joined: 22 Oct 2013 Karma :     
|
 Posted: 15:11 - 11 Apr 2014 Post subject: |
 |
|
daemonoid wrote: | ....., but it's most likely, as Ridah says, auto compromised accounts - tricking people into giving their details. Even better, the fact that you're already sending spam means you can send out dodgy mails to ask unsuspecting users for their details.
|
There's more to this BT Yahoo account issue than people being tricked into giving away their details - have a quick Google. Some of the customers I've seen whose accounts have been compromised didn't even know what the email account password was as it was configured in Outlook, not needing a webmail login.
https://www.telegraph.co.uk/finance/newsbysector/epic/btdota/10089355/BT-dumps-Yahoo-email-after-hacking-claims.html
Someone from within the company has also tipped off The Register, that BT were allowing unsecured HTTP rather than HTTPS connections to their webmail.
https://www.bbc.co.uk/news/technology-26480381 ____________________ TZR250 2MA road, TZR250 1KT road, TZR250 2MA race, TDR250, YZF-750R Boost colours.
Jaguar S Type 3.0 V6 Sport R, VW Transporter T5 GP LWB Shuttle 140ps DSG. |
 daemonoid World Chat Champion

Joined: 27 Jun 2008 Karma :    
|
 Posted: 15:44 - 11 Apr 2014 Post subject: |
 |
|
Perhaps there is a lot more to the BT/yahoo thing than scam logins. You've highlighted the bit that shows it's not the heartbleed exploit/bug leading to it though - http... essentially they were transmitting usernames & passwords unencrypted. Heartbleed is a vulnerability over https (ssl) that allows the memory of the server to be viewed as per the xkcd comic above. ____________________ current: ducati monster 750
past: hyosung gt250r, bajaj pulsar 180, hyosung gt 125 comet
@thomasgarrard | www.straitjkt.com | www.racingseven.com |
 Rogerborg nimbA

Joined: 26 Oct 2010 Karma :    
|
 Posted: 20:52 - 11 Apr 2014 Post subject: |
 |
|
Change it now.
Wait a week.
Change it again. ____________________ Biking is 1/20th as dangerous as horse riding.
GONE: HN125-8, LF-250B, GPz 305, GPZ 500S, Burgman 400 // RIDING: F650GS (800 twin), Royal Enfield Bullet Electra 500 AVL, Ninja 250R because racebike |
 krarkol World Chat Champion

Joined: 17 Oct 2012 Karma :    
|
 Posted: 13:51 - 12 Apr 2014 Post subject: |
 |
|
If you change it before the new security is in place, they'll already have your password rendering the new security useless  ____________________ Bandit 600 - deaded |
 pa_broon74 World Chat Champion

Joined: 28 Mar 2006 Karma :     
|
 Posted: 13:07 - 17 Apr 2014 Post subject: |
 |
|
If facebook is at risk, they can have at mine, good luck trying to scam anyone out of anything posing as an Official Chilean Government Hooker who used to work at Victoria's Secret.
 ____________________ Didn't catch anything. |
 Im-a-Ridah World Chat Champion
Joined: 20 Oct 2006 Karma :   
|
 Posted: 17:42 - 17 Apr 2014 Post subject: |
 |
|
Doesn't make any difference WRT to police and government
Under Part 3 of Regulation of Investigatory Powers Act (RIPA) you've got to give them your password anyway or go to jail
Bye bye rights  |