heartbleed & change password

servermx

servermx

servermx.com
According to heartbleed.com web-site the compromised personal data are relevant to X.509 certificates (used in the SSL comunication) and NOT the millions of password of email accounts inside the database in google, yahoo, aol... etc etc. For this reasons to change the password for our email accounts is completely useless.
 
EQ Admin

EQ Admin

EQ Forum Admin
Staff member
Your statement is incorrect.

The problem isn't with access to the databases but with access to the passwords temporarily available to be stolen from memory when a user logs in.

Many email services use SSL for encrypting web based access (HTTPS port 443) and POP3+SSL (port 995) and/or IMAP+SSL (port 993) access.

Lots of those services use the vulnerable versions of OpenSSL because of the SSL upgrades that were recently required for addressing the BEAST vulnerability.

Both Gmail and Yahoo Mail recommend that users change their passwords.

I recommend enabling 2 factor authentication for services that support it too.

More information - http://www.emailquestions.com/email-articles/9175-heartbleed-average-user-server-owner.html
 
You must log in or register to reply here.

Similar threads

EQ Admin
Heartbleed for the average user and server owner
Replies
2
Views
6K
EQ Admin
EQ Admin
S
How do I change my username
Replies
0
Views
63
Sue Johnson
S
K
Email Communication After Password Change
Replies
0
Views
3K
kaliqubes
K
S
How to change line spacing
Replies
0
Views
3K
SWRetiree
S
Latest Questions
change number of emails per page
Replies
0
Views
1K
Latest Questions
Latest Questions
Top