Is the current Open SSL Heartbleed issue affecting eccie. I have seen some conflicting information on how to protect yourself. For example, some articles suggest to start changing passwords now. Others suggest to wait until all sites have been upgraded and then change passwords.
Curious to what the eccie community is doing?
- Guest021417
- 04-10-2014, 08:28 AM
- LNK
- 04-10-2014, 08:40 AM
Changing passwords before site administrators change the software means the new password is exposed.
But knowing which sites are vulnerable and which have upgraded is another matter.
Useful links:
This site lets you check if a website is affected: http://filippo.io/Heartbleed/
This site lets you check if a certificate is affected: https://sslcheck.globalsign.com/en_US
But knowing which sites are vulnerable and which have upgraded is another matter.
Useful links:
This site lets you check if a website is affected: http://filippo.io/Heartbleed/
This site lets you check if a certificate is affected: https://sslcheck.globalsign.com/en_US
- tia travels
- 04-10-2014, 10:53 PM
This link lists someone who tested a ton of sites (it's mentioned in the 2nd link below).
https://github.com/musalbas/heartble...670.1384201823
I didn't see ECCIE on the list when doing a search.
Also, read the article too...helpful advice about not changing passwords for a few days.
http://news.msn.com/science-technolo...e-to-change-it
https://github.com/musalbas/heartble...670.1384201823
I didn't see ECCIE on the list when doing a search.
Also, read the article too...helpful advice about not changing passwords for a few days.
http://news.msn.com/science-technolo...e-to-change-it
- Chica Chaser
- 04-13-2014, 01:39 PM
Eccie services are not impacted by this issue. For more information, visit http://blogs.mcafee.com/consumer/what-is-heartbleed.
It is always good practice to change passwords on a regular basis. Changing your online passwords, especially for services where privacy and security are major concerns (like financial or health information) can help ensure your information is safe.
It is always good practice to change passwords on a regular basis. Changing your online passwords, especially for services where privacy and security are major concerns (like financial or health information) can help ensure your information is safe.
- LNK
- 04-13-2014, 02:10 PM
- Unique_Carpenter
- 04-13-2014, 09:56 PM
Kaspersky's blog on the topic. A bit better than McAffee's
https://usblog.kaspersky.com/heartbl...=1086761374411
As for when to change passwords, note the recommendation about 2/3 of the way down to reissue new site certificates and revoke old certificates. Just after a new sever certificate is issued, is when you change your password for that site, if that site had problems.
Folks should simply let the IT server techs get the patch loaded instead of wasting their time with questions about stuff that no one can actually do anything about until the patches are online. Excuse me for grumpy, been busy dealing with clients (protecting the techs time) as our clients simply do not have the issue in the first place (they don't understand that). So all our client machines are simply getting new certificates.
https://usblog.kaspersky.com/heartbl...=1086761374411
As for when to change passwords, note the recommendation about 2/3 of the way down to reissue new site certificates and revoke old certificates. Just after a new sever certificate is issued, is when you change your password for that site, if that site had problems.
Folks should simply let the IT server techs get the patch loaded instead of wasting their time with questions about stuff that no one can actually do anything about until the patches are online. Excuse me for grumpy, been busy dealing with clients (protecting the techs time) as our clients simply do not have the issue in the first place (they don't understand that). So all our client machines are simply getting new certificates.
- Bigh1955
- 04-18-2014, 08:35 AM
I just checked eccie using the Norton heartbleed tool and it shows the site is effected.
- Guest070916
- 04-18-2014, 10:01 AM
Have a link to that Norton heartbleed tool?
- LNK
- 04-18-2014, 02:19 PM
I just checked eccie using the Norton heartbleed tool and it shows the site is effected. Originally Posted by Bigh1955
Have a link to that Norton heartbleed tool? Originally Posted by CelsoSee this thread for more information: http://eccie.net/showthread.php?t=1031229
In short, ECCIE doesn't use SSL.
Norton's tool is obviously giving a false positive.
- Unique_Carpenter
- 04-18-2014, 06:30 PM
Some of the tools are simply looking for updated site certificates or are looking for the SSL patch. Neither of which is necessary for an http site. Unless you simply want to recertify to shut down the onggoooiiinnngggg questions.