Has Yahoo! fixed its Heartbleed vulnerability?

Question

I'd like to know whether Yahoo! has fixed its Heartbleed vulnerability and gotten "new cryptographic locks"?

I'm so glad that I don't do anything really important through Yahoo!

Darcy Fitz · Accepted Answer

Thanks for asking about this question! This was an exploit existing in software used by a wide variety of websites, and has been the subject of much work and scrutiny by many website operators!

For Yahoo's official response to this about the work we've done and are doing to ensure this does not exist on any of our servers, please have a look at:

https://help.yahoo.com/kb/SLN24021.html

You can also use the following website tool (which is not affiliated with Yahoo) to check your favorite sites to ensure they are not vulnerable to this exploit:

http://filippo.io/Heartbleed/

Thank you for checking on the status of this issue, and I hope you find this helpful!

jj · Answer

Yes, it has.

http://www.cnet.com/news/heartbleed-bug-undoes-web-encryption-reveals-user-passwords/

Oh, and FYI, it has nothing to do with Yahoo, it has to do with OpenSSL, which the most widely used SSL on the internet.

? · Answer

Who knows, who cares.

It's been around for 2 years if they wanted your email they would have gotten it already.

but since yahoo was used in news articles as an example i'd say yes.

Anonymous · Answer

You should check - http://thehackernews.com/ to know more.

Blue Sky · Answer

From what I have just read about it, Yahoo has fixed it but one would think they would have the courtesy to email us and tell us it's ok to change our passwords. I agree with everyone else, if scum bags wanted our passwords they would have gotten them by now. But wait until you hear from the sites you log into to change your passwords. Otherwise you might have to do it again.

Trending News

Has Yahoo! fixed its Heartbleed vulnerability?

5 Answers