Tumblr are urging users to change their passwords - all of them - for every secure site they use due to the OpenSSL Heartbleed bug.
The bug which can allow the capture of the encryption keys from the servers memory, while leaving no trace of the attack apparently could affect up to 50% of the servers on the Internet.
It's times like these i'm glad I have a unique password for every website I have an account for.
System:Atari 2600 CPU:8-bit 6507 (1.19MHz) RAM:128 bytes Colours: 16 (4 on screen) Resolution: 192x160Originally Posted by The Mock Turtle
I've recently started to use LastPass after a routine self-google revealed some user info on me, albeit redundant, on a russian hacker site.
I'm not saying it's an infallible solution but I'm now rotating random generated passwords for over 40 sites in the hope that I'm making my online identity as hard as reasonably possible to 'crack'.
There's always that niggling doubt that says, "what happens if LastPass gets hacked?" but how far do you go with paranoia before you give up and go completely offline?
Well with the way LastPass works, an attacker would have to do a heck of a lot more than break into their servers to gain anything useful. IIRC LastPass themselves never gets access to your plaintext password or your actual encryption key. If you use a very simple dictionary password and an attacker has plenty of computing resources then it might be a different story, of course, but even then they use key stretching to add greatly to the complexity of an attack - it's not like these websites that use single-round, unsalted MD5 hashes for their logins.
Indeed, LastPass have confirmed that even though they have been affected by HeartBleed, no user data can have been leaked due to the unique way that their servers never get to see your data.
This was the reason I chose to entrust my passwords with their service, whether this decision bites me in the arse later in life we shall see but for now I feel a lot less lubed-up-and-bent-over than a lot of people I know right now.
Done my Hexus password, only another 500 or so to go
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote