Infographic Shows Which Passwords Need to be Changed Because of Heartbleed

Discussion in 'Android News' started by dgstorm, Apr 17, 2014.

  1. dgstorm

    dgstorm Editor in Chief
    Staff Member Premium Member

    [​IMG]

    It's hard to disseminate all the info running rampant across the internet regarding the Heartbleed SSL vulnerability which has been the big media talk over the past week and a half. We mostly stayed away from the story to avoid spreading any "fear-mongering."

    Still, that doesn't mean we don't want to offer some useful intel for you guys. We've been holding out so we could wait until much of the initial hype died down and something useful came along. The above infographic is precisely that. The cybersecurity experts at LWG Consulting have put together a handy infographic which gives details on which major websites/web-services we should change our passwords on ASAP. It also shows some websites that we can breathe easier about.

    It's possible that this infographic isn't 100% exhaustive, but it should be a great starting reference. Many of the companies who own these websites are currently scrambling to fix the vulnerability. Some of them have already fixed the vulnerability, but the problem has been there for years, so it is best to change your password regardless.

    Source: LWG
     
  2. VirtualCLD

    VirtualCLD Member

    Is it worth changing the password on sites that haven't implemented a fix yet? It would seem that you're still vulnerable until the site has patched OpenSSL and reissued all of its certificates.
     
  3. dgstorm

    dgstorm Editor in Chief
    Staff Member Premium Member

    You make a very valid point VirtualCLD... it is possible that you will need to change your password again once all of these sites have corrected the vulnerability. It's probably still worth changing it now, and then again later on once that fix happens for all the sites. Some of these sites have already patched the problem. At the very least, if you change your password now, then if some bad guys have your old password stored in a database because of accessing it in the past, they will be wrong.
     
  4. johnomaz

    johnomaz Silver Member

    Though I changed my passwords for the sites I'm affected with, the important ones I use a 2 step process for anyways, so if someone tried to log in under my account, they would need my unique code that changes every 30 seconds. But I did anyways just to be safe.
     
  5. VirtualCLD

    VirtualCLD Member

    You also raise a good point. I think it's time to reconsider a password manager, since I am having trouble remembering all of these different passwords for each site. My only concern is I can't use one at work when I want to access some personal sites and I don't know how secure it would be to have all of these passwords stored together on a remote server. Probably better than the situation I'm in now though.
     
  6. dgstorm

    dgstorm Editor in Chief
    Staff Member Premium Member

    I've been thinking about a password manager myself too. I use so many different passwords that sometimes I get them confused and have to "hack" myself! lol!
     
  7. johnomaz

    johnomaz Silver Member

    Honestly, I don't trust password managers. It's one of those things that you wonder if they are secretly sending your passwords back to themselves.
     
  8. dgstorm

    dgstorm Editor in Chief
    Staff Member Premium Member

    I've wondered the same thing too. That's probably why I haven't tried one yet. :)
     
  9. BMWBig6

    BMWBig6 Member

    Thanks for sharing, but is there a bigger version of that image? I checked LWG's site and can't find the report. I can barely read the text in the version hosted here.
     
  10. jpiarull

    jpiarull Active Member

    I received an email from Norton that has a website vulnerability tool. Tests a webpage to see if it was affected by the virus. I tried numerous ones, including ones that suggest changes. Tool claims those websites were OK, besides the ones unaffected. Obviously you should change passwords quite often, using alphanumeric combos with special characters (if allowed by host-site).

    Joseph

  11. mslaceyrose

    mslaceyrose Active Member

    I've never completely trusted password managers either, so I have an Evernote file with all my passwords, but I have them in code, like little riddles, that only I would be able to decipher (yeah, I'm paranoid, lol)

    However, with this Heartbleed situation, and after reading the article linked below, I'm going to temporarily use one. According to the article, LastPass, having updated recently to include a feature that will check every one of your stored sites, will tell you which ones have patched the vulnerability and updated certificates. It looks like it makes it really easy. It will say either "Go ahead and change your password" for each site that's been fully patched, or "wait" for ones that have not yet patched. This is important because, as VirtualCLD noted, changing passwords before a site has patched will still leave you vulnerable. (regarding that, though, I think dgstorm's rationale for changing passwords on ALL vulnerable sites now, then changing them again after the site implements the patches, is sound advice)
    Worried about Heartbleed? LastPass' Security Check has you covered | ZDNet
     