cplusplus.com heartbleed
Hey everyone.
To anyone that doesn't know, the Heartbleed bug [ http://heartbleed.com/ ] was announced earlier this week.
I noticed that cplusplus.com is running Apache...
My questions are
- is this site vulnerable?
- if we login through an outside service (e.g. Google) are our credentials safe?
- if either of the above are true, when will this be patched?
Also, anyone have some big websites you use that are vulnerable? I'm sure everyone here would like to know.
Thanks in advance!
To anyone that doesn't know, the Heartbleed bug [ http://heartbleed.com/ ] was announced earlier this week.
I noticed that cplusplus.com is running Apache...
|
|
Server: Apache/2.2.22 (Debian) |
My questions are
- is this site vulnerable?
- if we login through an outside service (e.g. Google) are our credentials safe?
- if either of the above are true, when will this be patched?
Also, anyone have some big websites you use that are vulnerable? I'm sure everyone here would like to know.
Thanks in advance!
Last edited on
This is a time to contact the site administrator. Not really sure what the recommended channel for doing so is. Might try the "contact us" link at the bottom of the page first.
| is this site vulnerable? |
| if we login through an outside service (e.g. Google) are our credentials safe? |
| if either of the above are true, when will this be patched? |
| Also, anyone have some big websites you use that are vulnerable? |
8 banks
2 payment systems
8 VPN providers
2 largest search engines and mail providers
were compromised.
Also: https://github.com/musalbas/heartbleed-masstest look Overview just below
Last edited on
This forum uses http:// so I don't think it's affected in any way by this bug because http:// is unencrypted.
cplusplus.com:443
I think there was ssl avaliable, but twicker received message from LB and it is gone now. Online heartbleed detectors gives "no ssl" error now when they were giving positives before.
I think there was ssl avaliable, but twicker received message from LB and it is gone now. Online heartbleed detectors gives "no ssl" error now when they were giving positives before.
Last edited on
Thanks for the info everyone. I was clueless as to who to ask, and I knew someone here would. My main concern was with the google and yahoo logins, but I suppose the worst thing that could happen is someone could pose on this site as someone else for a brief time if I'm understanding correctly?
There are a lot of sites not accepting https connections right now. I had trouble getting my package manager to work yesterday. Also, I can't tell about my bank right now because they've taken a sledgehammer approach to blocking outside connections. I just wonder how much it will impact companies that rarely update software anyway.
It's hard to explain to family members that you should change your passwords, but you can't change it now on many websites.
There are a lot of sites not accepting https connections right now. I had trouble getting my package manager to work yesterday. Also, I can't tell about my bank right now because they've taken a sledgehammer approach to blocking outside connections. I just wonder how much it will impact companies that rarely update software anyway.
It's hard to explain to family members that you should change your passwords, but you can't change it now on many websites.
Last edited on
Topic archived. No new replies allowed.