[MrGlenn]

I just love the extended descriptions of what Heartbleed is, how it was found, what it affect. But most of that, even the most basic explanations fail to tell me how I (or even more basic, how my old parents) should act.

Let's say I use my Phone/PC/home network to connect to three basic things: my online bank, my email (outlook/gmail), facebook. Should I be constantly worried? Can for example some malicious person from half way across the world intercept this traffic?
And what about BBLink? I know it sets up a "remote access" connection, what data would actually be vulnerable from that service?

Does it mean I should change all of my passwords, or is that useless as long as Heartbleed still affects a service?
Should I tell my parents to stop using their old computers untill this is universally fixed?

Or is this something that would only leave me vulnerable if I am using a public Internet connection?

BlackBerry 10 signed.

[sedalia066]

Best I can understand BBLink is safe. Not fool proof but good. Those passwords you list need a change. Just finished two days of changing all of mine. Troublesome hut better safe than sorry.

Via CB10. Bits, C000C6078 for links to science and technology posts and world news.

[sad_old_man]

I just love the extended descriptions of what Heartbleed is, how it was found, what it affect. But most of that, even the most basic explanations fail to tell me how I (or even more basic, how my old parents) should act.

Let's say I use my Phone/PC/home network to connect to three basic things: my online bank, my email (outlook/gmail), facebook. Should I be constantly worried? Can for example some malicious person from half way across the world intercept this traffic?
And what about BBLink? I know it sets up a "remote access" connection, what data would actually be vulnerable from that service?

Does it mean I should change all of my passwords, or is that useless as long as Heartbleed still affects a service?
Should I tell my parents to stop using their old computers untill this is universally fixed?

Or is this something that would only leave me vulnerable if I am using a public Internet connection?

BlackBerry 10 signed.

It's when sumbodyperson shots you wiv a gun and you is losing blood from your heart? Usually the signs are breathlessness, lack of movement in you limbs followed by DEATH So don't worry bout it see eh?

Posted via CB10

[MrGlenn]

Is there a big list of services somewhere for which password changes would be recommended?

I forgot to mention my bank uses a Personal Identifier, which creates random codes for login purposes. Would a secondary security method like make it protected from Heartbleed?

And I still do not understand when or how they would get my personal data if they are not in my direct vicinity?
_____

Also I was kind of hoping from the context I could avoid "gunshot wounds to the chest"-replies.

BlackBerry 10 signed.

[Azensun]

We as customers/consumers are in a shaky holding pattern from what I've read and understood. Changing passwords before knowing whether or not the site(s) you use won't plug the problem. It's up to the site(s) to address the issue internally, fix it, and if we're lucky, notify us, their customer. So far, very few sites have acknowledged they were harmed.

What I find most troubling is that it's been in play for nearly two years, but only discovered recently.

[sad_old_man]

Is there a big list of services somewhere for which password changes would be recommended?

I forgot to mention my bank uses a Personal Identifier, which creates random codes for login purposes. Would a secondary security method like make it protected from Heartbleed?

And I still do not understand when or how they would get my personal data if they are not in my direct vicinity?
_____

Also I was kind of hoping from the context I could avoid "gunshot wounds to the chest"-replies.

BlackBerry 10 signed.

You is a wise man voiding them chest wounds cause they urt see eh? Not as bad as belly wounds though?

Posted via CB10

[MrGlenn]

Thanks for the responses so far.

I guess my biggest question remaining is:
How would they even intercept my personal information? Do they have to be actively monitoring my home network? Or do they just send random requests to a server from anywhere in the world, and then it randomly leaks my information to them?
In short: which part of the connection would they use to exploit this?

BlackBerry 10 signed.

[Uzi]

http://forums.crackberry.com/showthread.php?t=909342
I guess this thread Has a lot information

Posted via CB10

[MrGlenn]

As usual I should have expected XKCD to come up with a visual explanation.

If that explanation is correct, here is a summary: malicious person sends request X (empty package, claiming to be size Y) to server. Server sends back X (fills package with random information from its memory buffer until it reaches size Y). So it has nothing to do with your end of the connection to a server, and as such the only thing you can do is not use any affected websites until they are fixed. If you do, any information you enter might be readable from its memory buffer.

This would also mean it is not a way to steal targeted information from certain individuals, but it is just a way to gather huge amounts on random data from servers which may or may not contain sensitive information purely by chance.

I that the gist of it?

[Gooseberry Falls]

Is there a big list of services somewhere for which password changes would be recommended?

I forgot to mention my bank uses a Personal Identifier, which creates random codes for login purposes. Would a secondary security method like make it protected from Heartbleed?

And I still do not understand when or how they would get my personal data if they are not in my direct vicinity?
_____

Also I was kind of hoping from the context I could avoid "gunshot wounds to the chest"-replies.

BlackBerry 10 signed.

You can check here:
The Heartbleed Hit List: The Passwords You Need to Change Right Now

You can test a url here:
https://forums.crackberry.com/e?link...token=EmA7sMZD

[MobileMadness002]

Thanks for the responses so far.

I guess my biggest question remaining is:
How would they even intercept my personal information? Do they have to be actively monitoring my home network? Or do they just send random requests to a server from anywhere in the world, and then it randomly leaks my information to them?
In short: which part of the connection would they use to exploit this?

BlackBerry 10 signed.

They don't intercept at all. They send a heartbeat request to the web site in question. The heartbeat says, "Respond "Dog":65550characters", so the site goes and says "Dog + the next 65550 characters it has in memory" same thing as a buffer overflow. Now if tyhis is a site you may have visitted, the response could look like "Dog:MrGlennXXXXXXXKey8409845987639756978236573645 6,where can I find midget porn" and a whole lot of other stuff.

So they don't intercept anything, they merely search the response sent from the site they are attacking.

[anon(3732391)]

Just as it's always BEEN, there will always BE people creating new ways to "hack" into our privacy!

One of the oldest suggestions has always been to change your passwords from time to time and don't use the same one for everything.
I use excellent security software on a home network with 4 computers and I use Wi-Fi only when necessary. Hard wiring is definitely a safer way to go (imo)

Anyway, this coming from your average JoJo!

[MrGlenn]

Yeah over the last few days even the mainstream media have been a bit better at explaining it.

Anyway I decided to switch the majority of my passwords on "safe" sites. And I will probably have my parents do their main ones (facebook, email).

Luckily we do not have any creditcard and our bank has an external identifier. I feel sorry for people that share their payment card details online. That seems to me to be the foremost danger this Heartbleed poses.

BlackBerry 10 signed.