Author Topic: The Heartbeat Bug:Strikes Secure Websites, even yahoo.com is vulnerable  (Read 939 times)

0 Members and 1 Guest are viewing this topic.

Offline Sub5

  • Hero Member
  • *****
  • Posts: 1241
  • Country: ng
  • Karma: +1/-0
  • Gender: Male
  • Believe it or not God is a programmer
The Heartbeat Bug:Strikes Secure Websites, even yahoo.com is vulnerable.
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

Yahoo seems to be the most major Web to site have been vulnerable to the bug (preliminary tests for Facebook, Google, and Twitter's Web sites said they appear to be safe). The company said that it has "successfully made appropriate corrections" to the main Yahoo properties: Yahoo Homepage, Search, Mail, Finance, Sports, Food, Tech, Flickr and Tumblr. Still, a Yahoo spokesperson said the company is still working to make the fix across the rest of the Yahoo sites.
"I encourage users to not log in into [Yahoo] and other services that are affected since the credentials could have been leaked if they used the service," said Jaime Blasco, director of AlienVault Labs, a security research firm. "As soon as Yahoo solves the issue, it will be helpful if users change their password just in case."

HOW TO SECURE YOUR DETAILS FROM THIS BUG
1. Make a list (or think thru) sensitive information you have on the web. (Luckily, Google and all there services are not affected)
2. Mail your service provider to ask questions.
3. Once you've got confirmation of a security patch, change passwords of sensitive accounts.
4. Change your sensitive passwords (mail, bank account)
5. Keep a close eye on financial statements for the next few days



All Student Forum


Offline Sub5

  • Hero Member
  • *****
  • Posts: 1241
  • Country: ng
  • Karma: +1/-0
  • Gender: Male
  • Believe it or not God is a programmer
Re: The Heartbeat Bug: List of vulnerable websites
« Reply #1 on: April 10, 2014, 09:24:46 PM »
Testing yahoo.com... vulnerable.
Testing imgur.com... vulnerable.
Testing stackoverflow.com... vulnerable.
Testing kickass.to... vulnerable.
Testing flickr.com... vulnerable.
Testing redtube.com... vulnerable.
Testing sogou.com... vulnerable.
Testing ... vulnerable.
Testing outbrain.com... vulnerable.
Testing archive.org... vulnerable.
Testing addthis.com... vulnerable.
Testing stackexchange.com... vulnerable.
Testing popads.net... vulnerable.
Testing avito.ru... vulnerable.
Testing web.de... vulnerable.
Testing suning.com... vulnerable.
Testing zeobit.com... vulnerable.
Testing beeg.com... vulnerable.
Testing seznam.cz... vulnerable.
Testing okcupid.com... vulnerable.
Testing pch.com... vulnerable.
Testing xda-developers.com... vulnerable.
Testing steamcommunity.com... vulnerable.
Testing slate.com... vulnerable.
Testing scoop.it... vulnerable.
Testing hidemyass.com... vulnerable.
Testing 123rf.com... vulnerable.
Testing m-w.com... vulnerable.
Testing dreamstime.com... vulnerable.
Testing amung.us... vulnerable.
Testing duckduckgo.com... vulnerable.
Testing leo.org... vulnerable.
Testing eventbrite.com... vulnerable.
Testing wetransfer.com... vulnerable.
Testing sh.st... vulnerable.
Testing entrepreneur.com... vulnerable.
Testing zoho.com... vulnerable.
Testing yts.re... vulnerable.
Testing usmagazine.com... vulnerable.
Testing fool.com... vulnerable.
Testing digitalpoint.com... vulnerable.
Testing picmonkey.com... vulnerable.
Testing petflow.com... vulnerable.
Testing squidoo.com... vulnerable.
Testing avazutracking.net... vulnerable.
Testing elegantthemes.com... vulnerable.
Testing 500px.com... vulnerable.
« Last Edit: April 10, 2014, 09:27:21 PM by Sub5 »

Offline Sub5

  • Hero Member
  • *****
  • Posts: 1241
  • Country: ng
  • Karma: +1/-0
  • Gender: Male
  • Believe it or not God is a programmer
Re: The Heartbeat Bug:List of vulnerable websites
« Reply #2 on: April 10, 2014, 09:26:53 PM »
Testing google.com... not vulnerable.
Testing facebook.com... not vulnerable.
Testing youtube.com... not vulnerable.
Testing yahoo.com... vulnerable.
Testing baidu.com... no SSL.
Testing wikipedia.org... not vulnerable.
Testing qq.com... no SSL.
Testing twitter.com... not vulnerable.
Testing live.com... no SSL.
Testing linkedin.com... no SSL.
Testing taobao.com... no SSL.
Testing amazon.com... not vulnerable.
Testing google.co.in... not vulnerable.
Testing sina.com.cn... no SSL.
Testing blogspot.com... not vulnerable.
Testing hao123.com... no SSL.
Testing weibo.com... no SSL.
Testing wordpress.com... not vulnerable.
Testing yahoo.co.jp... no SSL.
Testing vk.com... not vulnerable.
Testing yandex.ru... not vulnerable.
Testing ebay.com... no SSL.
Testing bing.com... no SSL.
Testing google.de... not vulnerable.
Testing tmall.com... no SSL.
Testing pinterest.com... not vulnerable.
Testing sohu.com... not vulnerable.
Testing google.co.uk... not vulnerable.
Testing ask.com... no SSL.
Testing 360.cn... no SSL.
Testing google.fr... not vulnerable.
Testing google.co.jp... not vulnerable.
Testing msn.com... no SSL.
Testing instagram.com... not vulnerable.
Testing tumblr.com... not vulnerable.
Testing 163.com... no SSL.
Testing google.com.br... not vulnerable.
Testing mail.ru... not vulnerable.
Testing microsoft.com... no SSL.
Testing paypal.com... not vulnerable.
Testing soso.com... no SSL.
Testing adcash.com... not vulnerable.
Testing google.ru... not vulnerable.
Testing xvideos.com... no SSL.
Testing google.es... not vulnerable.
Testing google.it... not vulnerable.
Testing imdb.com... no SSL.
Testing apple.com... no SSL.
Testing imgur.com... vulnerable.
Testing cnn.com... no SSL.
Testing craigslist.org... not vulnerable.
Testing amazon.co.jp... not vulnerable.
Testing google.com.hk... not vulnerable.
Testing stackoverflow.com... vulnerable.
Testing xhamster.com... not vulnerable.
Testing google.com.mx... not vulnerable.
Testing reddit.com... not vulnerable.
Testing gmw.cn... no SSL.
Testing ifeng.com... no SSL.
Testing vube.com... not vulnerable.
Testing go.com... no SSL.
Testing bbc.co.uk... not vulnerable.

All Student Forum

Re: The Heartbeat Bug:List of vulnerable websites
« Reply #2 on: April 10, 2014, 09:26:53 PM »

Offline Sub5

  • Hero Member
  • *****
  • Posts: 1241
  • Country: ng
  • Karma: +1/-0
  • Gender: Male
  • Believe it or not God is a programmer
Re: The Heartbeat Bug: List of vulnerable websites
« Reply #3 on: April 10, 2014, 09:28:42 PM »
Testing google.ca... not vulnerable.
Testing blogger.com... not vulnerable.
Testing fc2.com... not vulnerable.
Testing xinhuanet.com... no SSL.
Testing aliexpress.com... no SSL.
Testing alipay.com... no SSL.
Testing akamaihd.net... no SSL.
Testing alibaba.com... no SSL.
Testing googleusercontent.com... no SSL.
Testing wordpress.org... not vulnerable.
Testing godaddy.com... no SSL.
Testing google.com.tr... not vulnerable.
Testing ... not vulnerable.
Testing huffingtonpost.com... no SSL.
Testing pornhub.com... not vulnerable.
Testing google.com.au... not vulnerable.
Testing about.com... no SSL.
Testing people.com.cn... no SSL.
Testing amazon.de... not vulnerable.
Testing kickass.to... vulnerable.
Testing youku.com... no SSL.
Testing ebay.de... no SSL.
Testing thepiratebay.se... not vulnerable.
Testing espn.go.com... not vulnerable.
Testing google.pl... not vulnerable.
Testing blogspot.in... not vulnerable.
Testing clkmon.com... not vulnerable.
Testing ... not vulnerable.
Testing flickr.com... vulnerable.
Testing bp.blogspot.com... no SSL.
Testing netflix.com... no SSL.
Testing conduit.com... not vulnerable.
Testing dailymail.co.uk... no SSL.
Testing china.com... no SSL.
Testing adobe.com... not vulnerable.
Testing vimeo.com... no SSL.
Testing xnxx.com... no SSL.
Testing ebay.co.uk... no SSL.
Testing livejasmin.com... no SSL.
Testing rakuten.co.jp... no SSL.
Testing cnet.com... no SSL.
Testing themeforest.net... no SSL.
Testing redtube.com... vulnerable.
Testing indiatimes.com... no SSL.
Testing uol.com.br... no SSL.
Testing aol.com... no SSL.
Testing m2newmedia.com... not vulnerable.
Testing amazon.co.uk... not vulnerable.
Testing dropbox.com... not vulnerable.

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
10 minus 10 = ?:
What letter is missing in this word 'Gogle':

Related Topics

  Subject / Started by Replies Last post
0 Replies
1172 Views
Last post October 26, 2010, 06:23:40 PM
by TravelXpert
0 Replies
699 Views
Last post November 06, 2010, 12:04:57 AM
by mfoniso
0 Replies
1338 Views
Last post April 11, 2013, 11:22:01 PM
by debby
0 Replies
571 Views
Last post April 12, 2013, 10:41:36 PM
by Sub5
0 Replies
85 Views
Last post August 29, 2017, 11:59:00 PM
by mfoniso