Showing results for 
Search instead for 
Did you mean: 


New Community Member

Re: Heartbleed

Interesting.  According to that last post, Paypal is saying they are secure, yet when check with Lastpass' heartbleed detector ( they say is NOT safe.




Re: Heartbleed

The Lastpass website makes a general estimation of whether a site is either: not vulnerable, or *possibly* vulnerable. Lastpass would not be able to realibly ascertain which SSL provider a website uses, and even then, which version was used. Lastpass looks for evidence of the http server, Apache for example, and estimates that there is a possibility because a vulernable version of OpenSSL *could* have been installed with Apache.


A real-life anaology would be a website checking a VIN number on a car for sale, and saying it may be totally damaged by flood water, just because the car was in a state where a flood occured in the past.


That being said, Lastpass was a great resource for people whom wanted to change their passwords, and needed a place to start... possible vulnerable site first.


Today using Lastpass on creates a not vulernable message.


As already said in a previous post, PayPal announced that were not affected by heartbleed.


New Community Member

Re: Heartbleed

Latest reading on LastPass (as of 8:15pm CT)



Server software: Apache-Coyote/1.1

Was vulnerable: No

SSL Certificate: Safe (regenerated 2 months ago)

Assessment: This server was not vulnerable, no need to change your password unless you have used it on any other site!


New Community Member