Heartbleed Bug

[sky121]

Not sure I'm following. Where is your phone connected to via open SSL that you would need a patch?

Sorry. I'm not a huge tech person. I understood that the phones themselves had the bug and could therefore affect and see anything I was doing. Is my phone secure? What's with app that tells you if heartbleed is on your phone or not? And if it is, what do you do?

[Joe4007]

Sorry. I'm not a huge tech person. I understood that the phones themselves had the bug and could therefore affect and see anything I was doing. Is my phone secure? What's with app that tells you if heartbleed is on your phone or not? And if it is, what do you do?

No worries, I'm no expert either. From what I understand though it has nothing to do with your phone. It's just spyware that was used to intercept communications between users and websites using open SSL as their encryption. Based on what I've read I'd say your phone is secure.

I'm not sure what app you're referring to, but if you mean LastPass, that's a website providing a service that stores your usernames and passwords for you and they're now giving their customers information on what websites they should change their passwords due to those sites having this Heartbleed issue.

[sky121]

https://play.google.com/store/apps/details?id=com.lookout.heartbleeddetector

[pizzahut]

operating system plays a part in this. the less people that use the systems the smaller the chance that people will exploit it.

[AnonymousUser]

operating system plays a part in this. the less people that use the systems the smaller the chance that people will exploit it.

-10. OS has nothing to do with it. This is purely a flaw in OpenSSL, so it only depends on which site you use.

[Ergel]

-10. OS has nothing to do with it. This is purely a flaw in OpenSSL, so it only depends on which site you use.

+1. Please don't spew things you clearly know nothing about

[Euclid]

-10. OS has nothing to do with it. This is purely a flaw in OpenSSL, so it only depends on which site you use.

Well, in a sense, Windows Server doesn't use OpenSSL so sites running via IIS aren't susceptible. So it is (indirectly) dependant on the OS. http://blogs.technet.com/b/erezs_iis_blog/archive/2014/04/09/information-about-heartbleed-and-iis.aspx

[AnonymousUser]

Well, in a sense, Windows Server doesn't use OpenSSL so sites running via IIS aren't susceptible. So it is (indirectly) dependant on the OS. http://blogs.technet.com/b/erezs_iis_blog/archive/2014/04/09/information-about-heartbleed-and-iis.aspx

Well, technically you might be right, but I don't think he was referring  to the OS running on the server, rather the OS being run by the user.
Additionally, check out the section titled "Is it only sites on Apache and nginx that are affected?" on this page. Even if you have a farm of only IIS servers, if you have a load balancer in front of them, it might be running OpenSSL.

[Euclid]

Well, technically you might be right, but I don't think he was referring  to the OS running on the server, rather the OS being run by the user.
Additionally, check out the section titled "Is it only sites on Apache and nginx that are affected?" on this page. Even if you have a farm of only IIS servers, if you have a load balancer in front of them, it might be running OpenSSL.

Oh cool, thanks for that link - didn't think of that scenario.

[AnonymousUser]

Oh cool, thanks for that link - didn't think of that scenario.

I plagiarized that second paragraph from a comment on a different site, I don't remember which. GIYF.