Announcement

Collapse
No announcement yet.

Interesting!!!

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    Interesting!!!

    Depending on what part of the media you read, there is a new Virus / Bug / Exception out there and its the worst to hit the world to date.

    So to make it Clear, its a Virus the Exploits a Bug to create an exception in the Security of the Secure Sockets.

    Now in English

    Its has found a Flaw in the HTTPS (secure for paying things), and it CAN and DOES copy all of your passwords and information.
    The Media is telling you to "CHANGE ALL OF YOUR PASSWORDS NOW".

    DO NOT DO IT!!!!!!

    for 3 Simple reasons

    1. You might Not as Yet have it, meaning that you do not need to change anything
    2. There is not a fix for it as yet
    3. Until there is a fix for it, then changing All of your passwords will give the information direct as you type it in

    Best practice at this moment in time is the following

    1. Keep an eye on your Emails - Your looking for letters confirming Purchases and Account changes, if you see any contact the company by telephone, then email
    2. Monitor All Credit cards - any charges transfers purchases you have not made, then as above contact the Card Provider and the company by telephone then email
    3. Bank Accounts -As per the Credit card

    This is a major Problem, but as yet there is no fix, and its unknown how actively widespread it actually is. its there, but as yet nobody knows the REAL damage its doing
    Trev

    Equipment - According to the wife more than a Camera Shop got

    Flickr:
    https://www.flickr.com/photos/trevb2639/
    Tags: None
    #2
    Re: Interesting!!!

    Thank you for that!

    Richard
    Richard Anderson Photography at www.raphoto.me

    Comment

      #3
      Re: Interesting!!!

      Thank you for that Will keep a watchful eye.
      Canon 6D; Canon 760D;Canon G15;Canon 40mm f2.8(Pancake);Canon 50mm f1.8(ii); Canon 17mm-40mm f4L;Canon EF-S 10-18mm f4.5-5.6 IS STM;Canon EF-S 55-250mm f4-5.6 STM lens;Canon 24mm-105mmf4L IS;Canon 70-300mm f4-f5.6 L IS USM;Kenko 1.4x HD TC;Canon 430EX ii flash;Giottos tripod;Manfretto monopod;Cokin P filters + bits and pieces!

      www.flickr.com/photos/nathaniel3390

      North Wales where music and the sea give a great concert!

      Comment

        #4
        Re: Interesting!!!

        Not concerned but thanks for the heads up
        Canon EOS R6 Mark II, Canon RF 100-500mm f4.5-7.1L, Canon RF 24-105mm f4L
        Please note: I do not have or use Photoshop

        flickr

        Comment

          #5
          Re: Interesting!!!

          Here is the latest from McAfee which I received this morning as I am certain all you other McAfee users have received....

          Recently, a major security vulnerability named "Heartbleed" has made headlines around the world. This is a severe vulnerability stemming from a coding mistake in a widely-used security utility called OpenSSL.

          The bug affects the encryption technology designed to protect your sensitive data on the Internet, like usernames, passwords and emails.

          This is a flaw in the OpenSSL encryption code, not a virus that can be stopped by McAfee or other consumer security software. Because this vulnerability takes advantage of servers, and not consumer devices, businesses need to update to the latest version of OpenSSL to mitigate and address the dangers posed.

          McAfee is currently in the process of auditing all of our services, and the services provided by our partners, for any dangers posed by Heartbleed. If there is any instance that the vulnerable version of OpenSSL is in use we will remediate with the utmost urgency.

          The severity of the Heartbleed vulnerability cannot be overstated: several major enterprises use OpenSSL, and are likely affected by this vulnerability as well. The dangers posed by this vulnerability are very real and could affect you if exploited.

          So what do you need to do?
          • Right now, the best thing you can do is wait to be notified about affected services and patches or you can investigate this list provided by Mashable that has some well known brands listed.
          • If you'd like to investigate whether or not a website you frequent has been affected, you can use this tool.
          • Reset your password for every online service affected by Heartbleed. But beware: you should only change your password after the afflicted business has fixed its servers to remove the Heartbleed vulnerability. Changing your passwords before a company's servers are updated will not protect your credentials from being leaked.
          • For additional details, please click here.

          We at McAfee apologize for any inconvenience this may cause you. We will be contacting you again as we update our services that use OpenSSL.
          David

          Comment

            #6
            Re: Interesting!!!

            Not really concerned. The AV companies patched the flaw in OpenSSL long before going public to the public earlier in the week.
            Meaning it's already patched and the damage the heartbleed bug can do is negligible.
            If you're at all concerned, you should check all sites you transact with are patched.
            In truth, you'd have to check dozens of sites you use, and in practice the demand to check has overwhelmed the checking links anyway.
            Last edited by NickM; 11-04-2014, 18:07.
            I'm the first to rush to help people, yet it's not okay to respond to a misinformed remark. You don't deserve my custom, patronage or help, so taking it elsewhere.

            Comment

              #7
              Re: Interesting!!!

              I had an email From a company called Solwise I had purchased goods from in the past informing me that they had patched their website.

              Here at Solwise we take Internet security very seriously and as such we are pleased to announce that (as of midday 09/04/2014) we have patched the vulnerability and have had new security certificates signed by Thawte.

              Although we think it is unlikely that the Solwise website would have been targeted during the small timeframe between when the vulnerability was published, and when we patched it; we are putting systems into place to allow our users to change their passwords to give them added peace of mind.
              Alex

              EOS R5 EOS 7D Mk ii Lenses EFS 18-55mm EFS 55-250mm EF 50mm 24-105mm Sigma EX 70-200 Sigma 150-600c

              Comment

                #8
                Re: Interesting!!!

                Originally posted by NickM View Post
                Not really concerned. The AV companies patched the flaw in OpenSSL long before going public to the public earlier in the week.
                Meaning it's already patched and the damage the heartbleed bug can do is negligible.
                If you're at all concerned, you should check all sites you transact with are patched.
                In truth, you'd have to check dozens of sites you use, and in practice the demand to check has overwhelmed the checking links anyway.
                Err, not even wrong. The flaw affects some versions of software that encrypts information sent between your web browser and a web site or between your computer and another over a virtual private network. As such, it has nothing to do with virus scanners so the AV companies patching anything will have no effect on the hundreds of thousands of web sites that use this software worldwide.

                As for checking well that's pointless at the moment unless you know whether the website you're checking has also replace their SSL certificates because unless both have happened - patching and certificates - then you're still at risk.

                To quote a colleague of mine who's in this game - I'm on the periphery of this kind of work - the banks world wide are cacking themselves over this one.
                Last edited by AndyMulhearn; 11-04-2014, 19:04.
                EOS 7D mk II, Sigma 150-660C, Canon 17-85 EF-S, Tamron 10-24 and a wife who shares my obsession.

                Comment

                  #9
                  Re: Interesting!!!

                  AV was a slip of my keyboard. I meant generically whoever is sorting the patching/limiting the snafu.
                  Ironically it's been AntiVirus companies the media has been quoting and referring to viz damage limitation. I'm sure McAffee has been mentioned a number of times, oddly.
                  Glad you're able to enlighten us re patching/certificates and risk.
                  Probably fair to say the banks are cacking themselves more over the fact the horse may have already left the scene, run the derby and got next door's mare pregnant, rather than over any frantic bolting the stable door they're doing right now.
                  Last edited by NickM; 11-04-2014, 21:32.
                  I'm the first to rush to help people, yet it's not okay to respond to a misinformed remark. You don't deserve my custom, patronage or help, so taking it elsewhere.

                  Comment

                    #10
                    Re: Interesting!!!

                    Trust me there are a number of software companies and some big hardware companies whose executives currently have rather messy underwear as their applications run on servers using the functionality of Open SSL.
                    David

                    Comment

                      #11
                      Re: Interesting!!!

                      Originally posted by NickM View Post
                      AV was a slip of my keyboard. I meant generically whoever is sorting the patching/limiting the snafu.
                      Ironically it's been AntiVirus companies the media has been quoting and referring to viz damage limitation. I'm sure McAffee has been mentioned a number of times, oddly.
                      Glad you're able to enlighten us re patching/certificates and risk.
                      Probably fair to say the banks are cacking themselves more over the fact the horse may have already left the scene, run the derby and got next door's mare pregnant, rather than over any frantic bolting the stable door they're doing right now.
                      Fair enough. The Banks are worried about systems other than online banking from what I've been told. That part of their setup is pretty secure, it's every other part of their public persona delivered through web sites they're worried about.

                      In some ways I wonder whether this very public announcement actually helps. The man in the street can't really fix it, it would make much more sense for the vulnerability to be patched and released, along with stuff like OpenVPN which uses it, before any kind of announcement. This way sleazy hackers who weren't aware of it get a heads up and could start making use of it. All very odd.
                      EOS 7D mk II, Sigma 150-660C, Canon 17-85 EF-S, Tamron 10-24 and a wife who shares my obsession.

                      Comment

                        #12
                        Re: Interesting!!!

                        Originally posted by AndyMulhearn View Post
                        In some ways I wonder whether this very public announcement actually helps. The man in the street can't really fix it, it would make much more sense for the vulnerability to be patched and released, along with stuff like OpenVPN which uses it, before any kind of announcement. This way sleazy hackers who weren't aware of it get a heads up and could start making use of it. All very odd.
                        That is precisely what I heard was done on BBC Radio 2's news at the start of the week. That the vulnerability had been patched and sorted a week or so previously in secret, and that going public this week was only done after giving companies the chance to rectify the situation first.

                        From what has been released by the press so far, the vulnerability was plugged last week, this week it's check your passwords time. Reading between the lines, I wonder if there's any need for the panic because the vulnerability's no longer there, and there was no evidence to show that the Heartbleed bug had exploited the hole in all the time it was at risk, or if the bug was even capable of doing so.

                        I think the media and IT outlets have handled this one very poorly. Hysteria comes to mind.
                        Last edited by NickM; 12-04-2014, 00:38.
                        I'm the first to rush to help people, yet it's not okay to respond to a misinformed remark. You don't deserve my custom, patronage or help, so taking it elsewhere.

                        Comment

                          #13
                          Re: Interesting!!!

                          Thanks. For these updates

                          Tom

                          Comment

                            #14
                            Re: Interesting!!!

                            Heartbleed hacks hit Mumsnet and Canada's tax agency
                            Heartbleed hacks hit Mumsnet and Canada's tax agency
                            http://www.bbc.co.uk/news/technology-27028101
                            Parenting site Mumsnet and Canada's tax collecting agency say that hackers exploiting the Heartbleed bug have stolen data.


                            Hmm, maybe we should be taking this seriously.
                            I'm the first to rush to help people, yet it's not okay to respond to a misinformed remark. You don't deserve my custom, patronage or help, so taking it elsewhere.

                            Comment

                            Previous template Next
                            Working...
                            X