Heartbleed
Hey, Paypal,
Just logged in today to change my password after the revelations about Heartbleed, and was astounded that you didn't preemptively force a password reset.
For those reading this who don't know, Heartbleed is a vulnerability in, basically, the underpinnings of secure Web traffic (the OpenSSL implementation of the TLS/SSL protocol), which makes it possible for hackers to potentially get your passwords right out of a server's RAM. It is prudent, with the revelation, to change all your passwords soon - especially those protecting sensitive data like card numbers.
Interesting. According to that last post, Paypal is saying they are secure, yet when I check paypal.com with Lastpass' heartbleed detector (https://lastpass.com/heartbleed/) they say paypal.com is NOT safe.
The Lastpass website makes a general estimation of whether a site is either: not vulnerable, or *possibly* vulnerable. Lastpass would not be able to reliably ascertain which SSL provider a website uses, and even then, which version was used. Lastpass looks for evidence of the http server, Apache for example, and estimates that there is a possibility because a vulnerable version of OpenSSL *could* have been installed with Apache.
A real-life analogy would be a website checking a VIN number on a car for sale, and saying it may be totally damaged by flood water, just because the car was in a state where a flood occurred in the past.
That being said, Lastpass was a great resource for people who wanted to change their passwords, and needed a place to start... possibly vulnerable sites first.
Today using Lastpass on https://paypal.com creates a not vulnerable message. https://lastpass.com/heartbleed/?h=paypal.com
As already said in a previous post, PayPal announced that they were not affected by Heartbleed. https://www.paypal-community.com/t5/PayPal-Forward/OpenSSL-Heartbleed-Bug-PayPal-Account-Holders-are...
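
The kind of banner-based estimate described in the post above, as an added example (not part of the thread and not LastPass's actual code): it reads only an HTTP `Server` header and reports "possibly vulnerable" when an advertised OpenSSL version falls in the range affected by Heartbleed (1.0.1 through 1.0.1f, and 1.0.2-beta through 1.0.2-beta1). The function names and every sample banner except `Apache-Coyote/1.1` are constructed for illustration.

```python
import re

# Heartbleed (CVE-2014-0160) affects OpenSSL 1.0.1 through 1.0.1f (fixed in
# 1.0.1g) and 1.0.2-beta through 1.0.2-beta1.
_OPENSSL = re.compile(r"OpenSSL/(\d+)\.(\d+)\.(\d+)([a-z]*)(-beta\d*)?", re.I)


def in_affected_range(version, letter, beta):
    """True if the parsed OpenSSL version lies in the affected range."""
    if version == (1, 0, 1):
        return letter <= "f"          # "" (plain 1.0.1) up to "f"
    if version == (1, 0, 2):
        return beta in ("-beta", "-beta1")
    return False


def classify_banner(server_header):
    """Estimate exposure from a Server header alone (hypothetical helper).

    A banner can never prove a site vulnerable: distributions backport
    fixes without changing the version string, and many servers do not
    advertise their TLS library at all.
    """
    m = _OPENSSL.search(server_header or "")
    if not m:
        return "unknown"              # TLS stack not advertised
    version = tuple(int(g) for g in m.group(1, 2, 3))
    letter = m.group(4).lower()
    beta = m.group(5).lower() if m.group(5) else None
    if in_affected_range(version, letter, beta):
        return "possibly vulnerable"
    return "outside affected range"


# Constructed sample banners, plus the one quoted in this thread.
SAMPLES = [
    "Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1e",
    "Apache/2.4.9 (Unix) OpenSSL/1.0.1g",
    "Apache/2.2.15 (Unix) OpenSSL/0.9.8y",
    "Apache-Coyote/1.1",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(f"{banner!r}: {classify_banner(banner)}")
```
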
Latest reading on LastPass (as of 8:15pm CT)
Site: www.paypal.com
Server software: Apache-Coyote/1.1
Was vulnerable: No
SSL Certificate: Safe (regenerated 2 months ago)
Assessment: This server was not vulnerable, no need to change your password unless you have used it on any other site!
Paypal says it is safe from Heartbleed. https://www.paypal-community.com/t5/PayPal-Forward/OpenSSL-Heartbleed-Bug-PayPal-Account-Holders-are...