Guest Guest6235 Posted April 18, 2014 Report Share Posted April 18, 2014 Hi, not sure if this is the place to put this thread but thought I might warn some people, I may be told off for putting it on here. Apparently if you use the Tapatalk app for the PP forum or any other for that matter your password etc can be compromised. I have been using this for the last few days but have now cleared all data/cache for the app off my phone and now uninstalled it. I am going to change my PP password just in case anything has been compromised. GMail, Outlook, Twitter, FB, Instagram etc are also vulnerable to this, I only use Twitter and Outlook but things seem OK at the moment. I was talking to my mate today who uses Tapatalk for another forum and something flashed up on his phone about it. Most people may be OK so it's up to the individual if they carry on using it until the virus has been sorted. Cheers Quote Link to comment Share on other sites More sharing options...
Finland Posted April 19, 2014 Report Share Posted April 19, 2014 Good post Keefo. I think they just prefer calling it a bug and not a virus, as Heartbleed is inherent to the structure of the code. NSA has been exploiting the Heartbleed for intelligence for years already. Mr Hyppönen (quoted below) is one of the most prominent internet security experts at the moment (follow @mikko on twitter for some nerdy fun). (Reuters) - Security experts warn there is little Internet users can do to protect themselves from the recently uncovered "Heartbleed" Internet threat that exposes data to hackers, at least not until vulnerable websites take steps to secure their communications. The Heartbleed bug in widely used web encryption technology known as OpenSSL affects software on servers that host websites. That software is not used on personal computers or mobile devices, so even though the bug exposes passwords and other data entered on those devices to hackers, it must be fixed by website operators. "There is nothing users can do to fix their computers. They have to rely on the administrators of the websites they use," said Mikko Hypponen, chief research officer with security software maker F-Secure of Helsinki. The bug has potential to affect users of some of the world's biggest websites because OpenSSL is used on about two-thirds of all web servers and has gone unnoticed for about two years. It could lead to the theft of passwords, confidential communications, credit card numbers and other confidential data. "On a scale of 1 to 11, it's about an 11," well-known cryptologist Bruce Schneier said of the severity of the bug, speaking on the sidelines of the Source Security conference where he spoke on surveillance and security issues. "It's easy to do, it's so damaging and it leaves no trace." It is possible that hackers stole the keys that encrypt traffic as it travels between web servers and Internet users, though researchers have yet to any evidence that actually happened, said Schneier, chief technology officer of Co3 Systems Inc. He called on Internet firms to revoke the certificates and keys used to encrypt Internet traffic with web browsers including Firefox, Microsoft Corp's Internet Explorer and Google Inc's Chrome. Once they do that, they should upgrade to a new version of OpenSSL that is not vulnerable to the bug, create new certificates and keys, then advise their users to change passwords, which may have been stolen by hackers, Schneier said. Yahoo Inc and Facebook Inc told Reuters on Tuesday that they use OpenSSL and have already taken steps to mitigate any impact to their users, though it was not immediately clear if they had followed all of the steps recommended by Schneier. The finding of the Heartbleed vulnerability, by researchers with Google and Codenomicon, a small security firm, prompted the U.S. Department of Homeland Security to advise businesses on Tuesday to review servers to see if they were using vulnerable versions of OpenSSL. Hypponen said computer users could immediately change passwords on accounts, but they would have to do so again if their operators notify them that they are vulnerable and once they have followed steps to clean up the mess. "Take care of the passwords that are very important to you," he said. "Maybe change them now, maybe change them in a week. And if you are worried about your credit cards, check your credit card bills very closely." Quote Link to comment Share on other sites More sharing options...
Levi Posted April 19, 2014 Report Share Posted April 19, 2014 Heartbleed is not a virus, it's a security bug, see more here : https://en.wikipedia.org/wiki/Heartbleed Quote Link to comment Share on other sites More sharing options...
Guest Guest6235 Posted April 19, 2014 Report Share Posted April 19, 2014 Yeah thanks for that. It was a post to generally warn people about it. Various tech sites call it a bug or virus, wiki choose to call it a bug. If people have tapa talk they can make there own minds up. Quote Link to comment Share on other sites More sharing options...
elizabethkolo Posted April 20, 2014 Report Share Posted April 20, 2014 Yikes! Cheers for the heads up Keefo. Quote Link to comment Share on other sites More sharing options...
portlaunay Posted April 21, 2014 Report Share Posted April 21, 2014 Rushing in and changing passwords is rather pointless until the bug is fixed. Doing so would be a little like changing the locks in your house when you know the burglar has a skeleton key. Once they've closed the gap then make the changes but doing so now will not protect you, no matter what the provider tells you. Quote Link to comment Share on other sites More sharing options...
Stefan Posted April 27, 2014 Report Share Posted April 27, 2014 (edited) If you want a simple way to understand how it works, have a look here......... http://www.digitaltrends.com/computing/the-heartbleed-bug-explained-by-a-web-comic-xkcd/#!F5pJd Stef Edited April 27, 2014 by Stefan Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.