[X] My Assistant

did the site revoked its previous certificate at the same time the cert was reissued?

This post has been edited by redsecret: Apr 12 2014, 20:41

The answer is to use a password manager, at least until Steve Gibson's SQRL comes into its own, then?

Heartbleed is (was?) a server-side implementation flaw; a password-manager on the client side is not going to help much (unless you intend to change password very frequently, in which case it may help keeping track of them)
Also...

Steve Gibson

[attrition.org] Mandatory attrition link

Thanks for the heads-up Tenboro, guess I will be filing my taxes the old-fashioned way until the the USA govt fixes their junk.

[www.bbc.com] http://www.bbc.com/news/technology-27028101

Here's a few ideas that might help:

My most important accounts use MFA (Multi-Factor Authentication)

That means either a Personal image/phrase or a 6 digit number sent by SMS in addition to the password in order to log in.


I use LastPass to generate strong passwords and their $12 annual subscription to access my passwords in the cloud.

I also know an onscreen keyboard is not vulnerable to keystroke loggers, because all they get are mouse clicks.

Finally when choosing an answer to a challenge question, I don't use information that can be easily looked up such as the high school I attended or an employer.

I'm hoping this throws a few chairs in the way of the bad guys.

sent by SMS

(IMG:[invalid] style_emoticons/default/rolleyes.gif)

There have been instances where authenticator output has been intercepted, I think it either requires a bug in the way the numbers are generated or root-kits to be installed in the past.

If an attacker or Indian Microsoft tech support scammer have remote access using an onscreen keyboard won't do much.

(IMG:[invalid] style_emoticons/default/rolleyes.gif)

I don't use Windows, so there goes remote access or rootkits.

They would have to intercept that code, best way is to take my phone.

But then that would be the least of my problems.

I'm open to better ideas.

This post has been edited by j1776: Apr 15 2014, 05:58

There have been instances where authenticator output has been intercepted, I think it either requires a bug in the way the numbers are generated or root-kits to be installed in the past.

If an attacker or Indian Microsoft tech support scammer have remote access using an onscreen keyboard won't do much.

Well providing I use Windows for my important internet work. (IMG:[invalid] style_emoticons/default/smile.gif)

I've had years of knowing how to secure Windows, but even then, it's a crook magnet. There are teams of professional hackers who do this 24/7 and Windows is their target. Cryptolocker finally got me to change.
I wasn't hit by it, but I know it's time to get out of Dodge. (IMG:[invalid] style_emoticons/default/mellow.gif)

I still use my Dell laptop, but I keep important files and business away from it.

Now it's Android devices. But there's an app that can check your phone.

[www.huffingtonpost.com] http://www.huffingtonpost.com/2014/04/15/h..._n_5153812.html

This post has been edited by j1776: Apr 16 2014, 03:40

Im surprised folks just read that news today from this pages comments.

damn. this is scary.

Well, only hope someone can fix it.

I don't understand any of this. It only flips my paranoia switch ON.

What

The internet is not exactly a safe haven... so the more reason for us to be exercise caution and change your passwords! :S

Fine, I didn't like my dumb smart phone anyways, it was probably long past time to change it.

Forgot to mention there was a way to detect heartbleed in the wild now
Can source check code on Github
[filippo.io] https://filippo.io/Heartbleed/