Reply to topic
sbradfor69 New Community Member
New Community Member
Posts: 1
Kudos: 0
Accepted Solutions: 0

Re: Heartbleed

Interesting.  According to that last post, Paypal is saying they are secure, yet when check paypal.com with Lastpass' heartbleed detector (https://lastpass.com/heartbleed/) they say paypal.com is NOT safe.

 

 

Reply
0 Kudos
vincentkezel Contributor
Contributor
Posts: 16
Kudos: 1
Accepted Solutions: 0

Re: Heartbleed

The Lastpass website makes a general estimation of whether a site is either: not vulnerable, or *possibly* vulnerable. Lastpass would not be able to realibly ascertain which SSL provider a website uses, and even then, which version was used. Lastpass looks for evidence of the http server, Apache for example, and estimates that there is a possibility because a vulernable version of OpenSSL *could* have been installed with Apache.

 

A real-life anaology would be a website checking a VIN number on a car for sale, and saying it may be totally damaged by flood water, just because the car was in a state where a flood occured in the past.

 

That being said, Lastpass was a great resource for people whom wanted to change their passwords, and needed a place to start... possible vulnerable site first.

 

Today using Lastpass on https://paypal.com creates a not vulernable message. https://lastpass.com/heartbleed/?h=paypal.com

 

As already said in a previous post, PayPal announced that were not affected by heartbleed. https://www.paypal-community.com/t5/PayPal-Forward/OpenSSL-Heartbleed-Bug-PayPal-Account-Holders-are...

 

Reply
0 Kudos
Starspeed New Community Member
New Community Member
Posts: 1
Kudos: 0
Accepted Solutions: 0

Re: Heartbleed

Latest reading on LastPass (as of 8:15pm CT)

 

Site: www.paypal.com

Server software: Apache-Coyote/1.1

Was vulnerable: No

SSL Certificate: Safe (regenerated 2 months ago)

Assessment: This server was not vulnerable, no need to change your password unless you have used it on any other site!

 

Reply
0 Kudos
IamBill46 New Community Member
New Community Member
Posts: 1
Kudos: 0
Accepted Solutions: 0

Re: Heartbleed

Reply
0 Kudos
Announcements
If you are using Internet Explorer 8 take note. We’ll upgrade our communities in July and if you are using IE8 you won’t have a fully functional experience. Please upgrade your browser to Internet Explorer 9, 10 or 11. There will be no changes to your community experience if you are using IE 9, 10, 11, Chrome, Firefox or Safari.
Welcome, guest
Top Kudoed Authors