1. MrGlenn's Avatar
    I just love the extended descriptions of what Heartbleed is, how it was found, what it affects. But most of that, even the most basic explanations fail to tell me how I (or even more basic, how my old parents) should act.

    Let's say I use my Phone/PC/home network to connect to three basic things: my online bank, my email (outlook/gmail), facebook. Should I be constantly worried? Can for example some malicious person from half way across the world intercept this traffic?
    And what about BBLink? I know it sets up a "remote access" connection, what data would actually be vulnerable from that service?

    Does it mean I should change all of my passwords, or is that useless as long as Heartbleed still affects a service?
    Should I tell my parents to stop using their old computers until this is universally fixed?

    Or is this something that would only leave me vulnerable if I am using a public Internet connection?

    BlackBerry 10 signed.
    04-11-14 08:58 AM
  2. sedalia066's Avatar
    Best I can understand BBLink is safe. Not fool proof but good. Those passwords you list need a change. Just finished two days of changing all of mine. Troublesome but better safe than sorry.

    Via CB10. Bits, C000C6078 for links to science and technology posts and world news.
    MrGlenn likes this.
    04-11-14 09:09 AM
  3. sad_old_man's Avatar
    I just love the extended descriptions of what Heartbleed is, how it was found, what it affects. But most of that, even the most basic explanations fail to tell me how I (or even more basic, how my old parents) should act.

    Let's say I use my Phone/PC/home network to connect to three basic things: my online bank, my email (outlook/gmail), facebook. Should I be constantly worried? Can for example some malicious person from half way across the world intercept this traffic?
    And what about BBLink? I know it sets up a "remote access" connection, what data would actually be vulnerable from that service?

    Does it mean I should change all of my passwords, or is that useless as long as Heartbleed still affects a service?
    Should I tell my parents to stop using their old computers until this is universally fixed?

    Or is this something that would only leave me vulnerable if I am using a public Internet connection?

    BlackBerry 10 signed.
    It's when sumbodyperson shots you wiv a gun and you is losing blood from your heart? Usually the signs are breathlessness, lack of movement in you limbs followed by DEATH So don't worry bout it see eh?

    Posted via CB10
    MrGlenn likes this.
    04-11-14 09:25 AM
  4. MrGlenn's Avatar
    Is there a big list of services somewhere for which password changes would be recommended?

    I forgot to mention my bank uses a Personal Identifier, which creates random codes for login purposes. Would a secondary security method like that make it protected from Heartbleed?

    And I still do not understand when or how they would get my personal data if they are not in my direct vicinity?
    _____

    Also I was kind of hoping from the context I could avoid "gunshot wounds to the chest"-replies.

    BlackBerry 10 signed.
    04-11-14 09:29 AM
  5. Azensun's Avatar
    We as customers/consumers are in a shaky holding pattern from what I've read and understood. Changing passwords before knowing whether or not the site(s) you use won't plug the problem. It's up to the site(s) to address the issue internally, fix it, and if we're lucky, notify us, their customer. So far, very few sites have acknowledged they were harmed.

    What I find most troubling is that it's been in play for nearly two years, but only discovered recently.
    MrGlenn likes this.
    04-11-14 09:31 AM
  6. sad_old_man's Avatar
    Is there a big list of services somewhere for which password changes would be recommended?

    I forgot to mention my bank uses a Personal Identifier, which creates random codes for login purposes. Would a secondary security method like that make it protected from Heartbleed?

    And I still do not understand when or how they would get my personal data if they are not in my direct vicinity?
    _____

    Also I was kind of hoping from the context I could avoid "gunshot wounds to the chest"-replies.

    BlackBerry 10 signed.
    You is a wise man voiding them chest wounds cause they urt see eh? Not as bad as belly wounds though?

    Posted via CB10
    04-11-14 09:34 AM
  7. MrGlenn's Avatar
    Thanks for the responses so far.

    I guess my biggest question remaining is:
    How would they even intercept my personal information? Do they have to be actively monitoring my home network? Or do they just send random requests to a server from anywhere in the world, and then it randomly leaks my information to them?
    In short: which part of the connection would they use to exploit this?

    BlackBerry 10 signed.
    04-11-14 09:48 AM
  8. Uzi's Avatar
    http://forums.crackberry.com/showthread.php?t=909342
    I guess this thread has a lot of information

    Posted via CB10
    04-11-14 09:56 AM
  9. MrGlenn's Avatar
    As usual I should have expected XKCD to come up with a visual explanation.

    If that explanation is correct, here is a summary: malicious person sends request X (empty package, claiming to be size Y) to server. Server sends back X (fills package with random information from its memory buffer until it reaches size Y). So it has nothing to do with your end of the connection to a server, and as such the only thing you can do is not use any affected websites until they are fixed. If you do, any information you enter might be readable from its memory buffer.

    This would also mean it is not a way to steal targeted information from certain individuals, but it is just a way to gather huge amounts of random data from servers which may or may not contain sensitive information purely by chance.

    Is that the gist of it?
    Last edited by MrGlenn; 04-11-14 at 11:30 AM.
    04-11-14 11:09 AM
  10. Gooseberry Falls's Avatar
    Is there a big list of services somewhere for which password changes would be recommended?

    I forgot to mention my bank uses a Personal Identifier, which creates random codes for login purposes. Would a secondary security method like that make it protected from Heartbleed?

    And I still do not understand when or how they would get my personal data if they are not in my direct vicinity?
    _____

    Also I was kind of hoping from the context I could avoid "gunshot wounds to the chest"-replies.

    BlackBerry 10 signed.
    You can check here:
    The Heartbleed Hit List: The Passwords You Need to Change Right Now

    You can test a url here:
    https://lastpass.com/heartbleed/?utm..._hsmi=12476982
    04-12-14 04:12 PM
  11. MobileMadness002's Avatar
    Thanks for the responses so far.

    I guess my biggest question remaining is:
    How would they even intercept my personal information? Do they have to be actively monitoring my home network? Or do they just send random requests to a server from anywhere in the world, and then it randomly leaks my information to them?
    In short: which part of the connection would they use to exploit this?

    BlackBerry 10 signed.

    They don't intercept at all. They send a heartbeat request to the web site in question. The heartbeat says, "Respond "Dog":65550characters", so the site goes and says "Dog + the next 65550 characters it has in memory", same thing as a buffer overflow. Now if this is a site you may have visited, the response could look like "Dog:MrGlennXXXXXXXKey8409845987639756978236573645 6,where can I find midget porn" and a whole lot of other stuff.

    So they don't intercept anything, they merely search the response sent from the site they are attacking.
    04-12-14 04:27 PM
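
The exchange described in posts 9 and 11, reduced to a toy model in C. This is an added example, not part of any post and not OpenSSL's code; the arena, the neighbouring string and all function names are constructed for illustration. It shows the handler that trusts the claimed length beside the one that compares it with what was actually received.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for server memory: the heartbeat payload sits at
   offset 0 and another user's data happens to be stored right after it. */
#define ARENA_SIZE 64
static char arena[ARENA_SIZE];
static const char NEIGHBOUR[] = "user=alice;pw=EXAMPLE-ONLY"; /* constructed */

static void load_request(const char *payload, size_t actual_len) {
    memset(arena, 0, ARENA_SIZE);
    memcpy(arena, payload, actual_len);
    memcpy(arena + actual_len, NEIGHBOUR, sizeof NEIGHBOUR - 1);
}

/* Pre-fix behaviour: echoes as many bytes as the client *claimed* to send. */
size_t heartbeat_vulnerable(size_t claimed_len, char *out, size_t out_cap) {
    if (claimed_len > out_cap || claimed_len > ARENA_SIZE) return 0; /* keeps the toy in bounds */
    memcpy(out, arena, claimed_len);
    return claimed_len;
}

/* Fixed behaviour: RFC 6520 says a heartbeat whose payload_length is too
   large must be discarded silently, so nothing is echoed back. */
size_t heartbeat_fixed(size_t claimed_len, size_t actual_len, char *out, size_t out_cap) {
    if (claimed_len > actual_len || claimed_len > out_cap) return 0;
    memcpy(out, arena, claimed_len);
    return claimed_len;
}

/* Returns 1 if the reply contains the neighbouring user's data. */
int reply_leaks(const char *reply, size_t n) {
    size_t k = sizeof NEIGHBOUR - 1;
    for (size_t i = 0; i + k <= n; i++)
        if (memcmp(reply + i, NEIGHBOUR, k) == 0) return 1;
    return 0;
}

/* Sends "Dog" (3 bytes) with the given claimed length to one of the handlers. */
int demo(int use_fixed, size_t claimed_len) {
    char reply[ARENA_SIZE];
    load_request("Dog", 3);
    size_t n = use_fixed ? heartbeat_fixed(claimed_len, 3, reply, sizeof reply)
                         : heartbeat_vulnerable(claimed_len, reply, sizeof reply);
    return reply_leaks(reply, n);
}

int main(void) {
    printf("vulnerable/40: %d  fixed/40: %d  fixed/3: %d\n", demo(0, 40), demo(1, 40), demo(1, 3));
    return 0;
}
```

Whether a reply contains anything sensitive depends only on what the server happens to hold next to the payload, which is why the client side of the connection plays no part.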
  12. Lostboy5151's Avatar
    Just as it's always BEEN, there will always BE people creating new ways to "hack" into our privacy!

    One of the oldest suggestions has always been to change your passwords from time to time and don't use the same one for everything.
    I use excellent security software on a home network with 4 computers and I use Wi-Fi only when necessary. Hard wiring is definitely a safer way to go (imo)

    Anyway, this coming from your average JoJo!
    04-12-14 04:50 PM
  13. MrGlenn's Avatar
    Yeah over the last few days even the mainstream media have been a bit better at explaining it.

    Anyway I decided to switch the majority of my passwords on "safe" sites. And I will probably have my parents do their main ones (facebook, email).

    Luckily we do not have any credit card and our bank has an external identifier. I feel sorry for people that share their payment card details online. That seems to me to be the foremost danger this Heartbleed poses.

    BlackBerry 10 signed.
    04-12-14 05:36 PM
