Flickr users - reset your passwords!

The issue has apparently been fixed but there was a period of vulnerability, which Yahoo has not specifically identified.

http://www.cnet.com …n-reveals-user-passwords/

Thanks for the heads up. The question is has Yahoo fixed all of their servers? If we change our passwords now and they happen to hit Yahoo servers that have not had the fix, bad guys will have our new passwords.

morph2_7 wrote in post #16821544
The question is has Yahoo fixed all of their servers?

From the article:

I looked on Yahoo's website but couldn't find any official statement.

I used this site: http://filippo.io/Hear​tbleed to test yahoo and flickr. They're both safe now.

It probably wouldn't be as much of an issue if Yahoo! implemented two factor authentication.

Even if "fixed" the damage still done, existing passwords are vulnerable. Think about changing all of your passwords for each of your important "secure" internet etc. Banking or anything "sensitive" in nature.

If, a site/server has still not patched, then changing your password now would still mean it's vulnerable, so probably a good idea to keep changing them for a while, or until you get the warm fuzzies again

Michael60d wrote in post #16821700
Even if "fixed" the damage still done, existing passwords are vulnerable. Think about changing all of your passwords for each of your important "secure" internet etc. Banking or anything "sensitive" in nature.

If, a site/server has still not patched, then changing your password now would still mean it's vulnerable, so probably a good idea to keep changing them for a while, or until you get the warm fuzzies again

Will it still be on my computer waiting for my new passwords?

DigitalDon wrote in post #16821710
Will it still be on my computer waiting for my new passwords?

No, because it is not something that exists on your computer. This is a vulnerability in an encryption/communicati​on method used by servers.

RWJP wrote in post #16823177
No, because it is not something that exists on your computer. This is a vulnerability in an encryption/communicati​on method used by servers.

Thanks
This you whos that is yahoo is about as behind times as aol (my aol has alread been hacked once,don't use it anymore) would love to drop Yahoo but my service provider bellsouth/att uses them for my main email account. I wonder if Yahoo/bellsouth/ATT is going to let me know that they have their end fixed and let me know to change my password.

DigitalDon wrote in post #16823477
Thanks
This you whos that is yahoo is about as behind times as aol (my aol has alread been hacked once,don't use it anymore) would love to drop Yahoo but my service provider bellsouth/att uses them for my main email account. I wonder if Yahoo/bellsouth/ATT is going to let me know that they have their end fixed and let me know to change my password.

Yahoo is not the only one affected by this bug. There are many other websites affected by this problem. I won't worry about my Yahoo account as much as I do about my accounts at financial websites.

Going to a website that I want to check the certificate of, I click on the lock icon next to the address bar, then clicking on View Certificates, I can see the info under the Details tab but how do I know if it has been patched?

You can use the link in post #4 to check the site or ask the website support.

morph2_7 wrote in post #16823792
You can use the link in post #4 to check the site or ask the website support.

I tried entering in the site I wanted to check, a blue line goes across the top of the screen but does nothing else, how long should it take for it to check a site.

It should be instantaneous, about 3-5 seconds. However, I've seen the problem you're experiencing (blue line goes all the way to the right and does nothing else). I guess their site isn't that reliable or too busy. It would be better if you contact the website support.

morph2_7 wrote in post #16823824
It should be instantaneous, about 3-5 seconds. However, I've seen the problem you're experiencing (blue line goes all the way to the right and does nothing else). I guess their site isn't that reliable or too busy. It would be better if you contact the website support.

Use to at the bottom of every website there was a link to the Web Master but I guess that is gone forever. Looked at Quicken website and my banking website and can't find anything related to asking them about a certificate update, And you know how it would be trying to talk to somebody on the phone that wouldn't have a clue as to what I was talking about.

Edited to add Found something in the Quicken forum
Recommended answer
 Quicken Kathryn

Moderator

 16 hours ago


Hi petev

As part of its ongoing commitment to maintain the security of customer data, Intuit has actively examined and is updating its servers to protect against the newly discovered “Heartbleed” vulnerability on the Internet.

At this time, there is nothing to indicate that any customer data is affected and our products are available as usual. We will provide more information as we learn more.

Further information on protecting personal information is available from the Intuit Online Security Center at https://security.intui​t.com/index.php

Thanks,