heartbleed & change password

Discussion in 'General' started by servermx, May 4, 2014.

  1. servermx

    servermx servermx.com

    According to the heartbleed.com website, the compromised personal data are relevant to X.509 certificates (used in the SSL communication) and NOT the millions of passwords of email accounts inside the databases at Google, Yahoo, AOL... etc etc. For this reason, changing the password for our email accounts is completely useless.
     


  2. popowich

    popowich EQ Forum Admin Staff Member

    Your statement is incorrect.

    The problem isn't with access to the databases but with access to the passwords temporarily available to be stolen from memory when a user logs in.

    Many email services use SSL for encrypting web based access (HTTPS port 443) and POP3+SSL (port 995) and/or IMAP+SSL (port 993) access.

    Lots of those services use the vulnerable versions of OpenSSL because of the SSL upgrades that were recently required for addressing the BEAST vulnerability.

    Both Gmail and Yahoo Mail recommend that users change their passwords.

    I recommend enabling 2 factor authentication for services that support it too.

    More information - http://www.emailquestions.com/email-articles/9175-heartbleed-average-user-server-owner.html
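
Added example, not part of the original thread or any poster's code: a toy C model of the point in the reply above, that a password handled at login sits in server memory where a heartbeat reply built from an unchecked length can include it. The arena, the function names and the login string are constructed for illustration; this is not OpenSSL's code.

```c
#include <stdio.h>
#include <string.h>
/* Toy model of server memory: one arena, so every read below stays inside
   a single array and is well-defined C. This is not OpenSSL code. */
static unsigned char arena[256];
/* Constructed sample: a login the server handled just before the heartbeat. */
static const char LOGIN[] = "user=alice&pass=CONSTRUCTED-example-pw";

/* Store the received payload (short by assumption); the earlier login follows it. */
static void load_memory(const char *payload, size_t actual_len) {
    memcpy(arena, payload, actual_len);
    memcpy(arena + actual_len, LOGIN, sizeof LOGIN - 1);
}

/* Flawed handler: echoes as many bytes as the peer claims it sent. */
static size_t heartbeat_flawed(size_t claimed_len, unsigned char *out) {
    size_t n = claimed_len > sizeof arena ? sizeof arena : claimed_len;
    memcpy(out, arena, n);
    return n;
}

/* Checked handler: a claimed length beyond what arrived is dropped silently. */
static size_t heartbeat_checked(size_t claimed_len, size_t actual_len,
                                unsigned char *out) {
    if (claimed_len > actual_len || claimed_len > sizeof arena) return 0;
    memcpy(out, arena, claimed_len);
    return claimed_len;
}

/* Returns 1 if the reply bytes contain the earlier login, else 0. */
static int reply_contains_login(const unsigned char *reply, size_t n) {
    size_t m = sizeof LOGIN - 1;
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(reply + i, LOGIN, m) == 0) return 1;
    return 0;
}

/* The peer sends 4 bytes but claims 64; report whether the reply leaks. */
static int leaks(int use_checked) {
    unsigned char reply[sizeof arena];
    load_memory("ping", 4);
    size_t n = use_checked ? heartbeat_checked(64, 4, reply)
                           : heartbeat_flawed(64, reply);
    return reply_contains_login(reply, n);
}

int main(void) {
    printf("flawed leaks: %d, checked leaks: %d\n", leaks(0), leaks(1));
    return 0;
}
```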
     

  3. servermx

    servermx servermx.com

    Thank you for your explanation, it is clearer now.
     
