Tuesday, April 15, 2014

The Heartbleed bug is serious

The Heartbleed bug is serious. Disclosed less than two days ago, the Heartbleed bug has sent sites and services across the Internet into patch mode.
For an in-depth explanation of what exactly Heartbleed is, and what it does, read this post by our own Stephen Shankland. In essence, the bug potentially exposed your username and password on sites like Facebook, Google, Pinterest, and more.
Using Alexa.com, we've been going through the list of the top 100 sites in the US, plus a few extras, and asking "Have you patched the Heartbleed bug yet?" Once we have an answer, we will fill in the chart below with the response.
While we wait to hear back, we will be testing the sites against the Qualys SSL Server Test. There may be some instances where the patch isn't detected or a server can not be inspected (the site may be fine, but Qualys can not confirm that), in which case we will mark the site as "be on alert." When a site is marked as such, you should proceed with caution and contact the site or company directly if you have any questions pertaining to your account security.
You may notice some companies will be marked as "was not vulnerable." In that case, the site in question does not use the type of OpenSSL encryption this bug was based on and your data was never at risk.
If you're checking back after seeing earlier versions of this story, you may also notice that some statuses have changed. For instance, the status for Microsoft, MSN, and Live has been updated to "was not vulnerable" once Microsoft confirmed that to be the case.

SiteQualysConfirmation from site
GooglePassVulnerability patched. Password change recommended
FacebookPassVulnerability patched. Password change recommended
YouTubePassVulnerability patched. Password change recommended
Yahoo!PassVulnerability patched. Password change recommended
AmazonPassWas not vulnerable
WikipediaPassVulnerability patched. Password change recommended
LinkedInPassWas not vulnerable
eBayPassWas not vulnerable
TwitterPassWas not vulnerable
CraigslistPassAwaiting response
BingPassVulnerability patched. Password change recommended
PinterestPassVulnerability patched. Password change recommended
BlogspotPassVulnerability patched. Password change recommended
CNNPassWas not vulnerable
LivePassWas not vulnerable
PayPalPassWas not vulnerable
InstagramPassVulnerability patched. Password change recommended
TumblrPassVulnerability patched. Password change recommended
Espn.go.comPassVulnerability patched. Password change recommended
WordpressPassAwaiting response
ImgurPassAwaiting response
Huffington PostNot availableAwaiting response
RedditPassVulnerability patched. Password change recommended
MSNPassWas not vulnerable
NetflixPassVulnerability patched. Password change recommended
Weather.comNot availableVulnerability patched. Password change recommended
IMDbNot availableWas not vulnerable
YelpPassVulnerability patched. Password change recommended
ApplePassWas not vulnerable
AOLPassAwaiting response
MicrosoftPassWas not vulnerable
NYTimesPassAwaiting response
Bank of AmericaPassWas not vulnerable
AskNot availableWas not vulnerable
Fox NewsPassWas not vulnerable
ChasePassWas not vulnerable
GoDaddyPassVulnerability patched. Password change recommended
AboutNot availableWas not vulnerable
BuzzFeedPassAwaiting response
ZillowPassWas not vulnerable
Wells FargoPassWas not vulnerable
EtsyPassVulnerability patched. Password change recommended
XVideosNot availableVulnerability patched. Password change recommended
WalmartPassWas not vulnerable
CNETPassWas not vulnerable
PandoraPassWas not vulnerable
xHamsterPassAwaiting response
PornHubPassWas not vulnerable
ComcastPassAwaiting response
Stack OverflowPassVulnerability patched. Password change recommended
SalesforcePassWas not vulnerable
Daily MailBe on alertAwaiting response
VimeoPassVulnerability patched. Password change recommended
ConduitPassAwaiting response
FlickrPassVulnerability patched. Password change recommended
ZedoNot availableWas not vulnerable
ForbesNot availableWas not vulnerable
LiveJasminNot availableVulnerability patched. Password change recommended
USPSPassVulnerability patched. Password change recommended
IndeedPassAwaiting response
HuluPassWas not vulnerable
AnswersPassWas not vulnerable
HootSuitePassWas not vulnerable
Amazon Web ServicesPassAwaiting response
AdobePassAwaiting response
BloggerPassVulnerability patched. Password change recommended
DropboxPassVulnerability patched. Password change recommended
Reference.comPassWas not vulnerable
AWeberPassWas not vulnerable
UPSPassWas not vulnerable
IntuitPassAwaiting response
NBC NewsPassAwaiting response
USA TodayPassWas not vulnerable
OutbrainPassVulnerability patched. Password change recommended
The Pirate BayPassAwaiting response
The Wall Street JournalPassAwaiting response
Bleacher ReportPassAwaiting response
Constant ContactPassWas not vulnerable
WikiaPassVulnerability patched. Password change recommended
CBSSportsPassWas not vulnerable
Publishers Clearing HousePassAwaiting response
Washington PostNot availableVulnerability patched. Password change recommended
TargetPassWas not vulnerable
Drudge ReportBe on alertAwaiting response
TripAdvisorPassWas not vulnerable
FedExPassWas not vulnerable
Capital OnePassWas not vulnerable
wikiHowNot availableWas not vulnerable
Googleusercontent.comPassVulnerability patched. Password change recommended
GrouponPassWas not vulnerable
Best BuyPassAwaiting response
AT&TPassAwaiting response
Home DepotPassAwaiting response
TruliaNot availableWas not vulnerable
TMZPassAwaiting response
FeedbinPassVulnerability patched. Password change recommended
PinboardPassVulnerability patched. Password change recommended
GetPocketPassVulnerability patched. Password change recommended
IFTTTPassVulnerability patched. Password change recommended
ManageWPPass

Was not vulnerable

PayScale

Pass

Was not vulnerable

OKCupid

Pass

Vulnerability patched. Password change recommended

Dillard's

Pass

Was not vulnerable

NetZero

Not available

Was not vulnerable

Classmates

Not available

Was not vulnerable

MyPoints

Pass

Was not vulnerable

Orbitz

Pass

Was not vulnerable


This list is going to be live and constantly updated; please return to view the latest information as we get it.
CNET's Seth Rosenblatt contributed to this report

No comments:

Post a Comment

Como ser un emprendedor

Emprendimiento prof javier romero from romeprofe