cplusplus.com heartbleed

Apr 9, 2014 at 10:31pm
Hey everyone.

To anyone that doesn't know, the Heartbleed bug [ http://heartbleed.com/ ] was announced earlier this week.

I noticed that cplusplus.com is running Apache...
 
curl -sD - -o /dev/null 'http://cplusplus.com' | grep "Server" 
Server: Apache/2.2.22 (Debian)


My questions are
- is this site vulnerable?
- if we login through an outside service (e.g. Google) are our credentials safe?
- if either of the above are true, when will this be patched?

Also, anyone have some big websites you use that are vulnerable? I'm sure everyone here would like to know.

Thanks in advance!
Last edited on Apr 9, 2014 at 10:36pm
Apr 10, 2014 at 1:08am
This is a time to contact the site administrator. Not really sure what the recommended channel for doing so is. Might try the "contact us" link at the bottom of the page first.
Apr 10, 2014 at 1:15am
I sent a message. Let's not all spam twicker together ;p
Apr 10, 2014 at 7:54am
is this site vulnerable?
http://puu.sh/833JV.png

if we login through an outside service (e.g. Google) are our credentials safe?
AFAIK if your Google account itself was not compromised you will be fine, but the login token might be stolen and used to log in on this site until it expires (which is really fast).

if either of the above are true, when will this be patched?
LB and ResidentBiscuit already answered that.

Also, anyone have some big websites you use that are vulnerable?
In Russia at least
8 banks
2 payment systems
8 VPN providers
2 largest search engines and mail providers
were compromised.

Also: https://github.com/musalbas/heartbleed-masstest, look at the Overview just below.
Last edited on Apr 10, 2014 at 8:00am
Apr 10, 2014 at 9:06am
This forum uses http:// so I don't think it's affected in any way by this bug because http:// is unencrypted.
Apr 10, 2014 at 9:26am
cplusplus.com:443

I think there was SSL available, but twicker received the message from LB and it is gone now. Online heartbleed detectors give a "no ssl" error now, when they were giving positives before.
Last edited on Apr 10, 2014 at 9:26am
Apr 10, 2014 at 2:22pm
Thanks for the info everyone. I was clueless as to who to ask, and I knew someone here would. My main concern was with the google and yahoo logins, but I suppose the worst thing that could happen is someone could pose on this site as someone else for a brief time if I'm understanding correctly?

There are a lot of sites not accepting https connections right now. I had trouble getting my package manager to work yesterday. Also, I can't tell about my bank right now because they've taken a sledgehammer approach to blocking outside connections. I just wonder how much it will impact companies that rarely update software anyway.

It's hard to explain to family members that you should change your passwords, but you can't change them now on many websites.
Last edited on Apr 10, 2014 at 2:31pm