Yahoo Answers is shutting down on May 4th, 2021 (Eastern Time) and beginning April 20th, 2021 (Eastern Time) the Yahoo Answers website will be in read-only mode. There will be no changes to other Yahoo properties or services, or your Yahoo account. You can find more information about the Yahoo Answers shutdown and how to download your data on this help page.

PFuller asked in Computers & InternetSecurity · 7 years ago

Heartbleed - traffic required?

Trying to make sure I understand one aspect of the Heartbleed vulnerability correctly... For your information to get compromised, you need to actually have used the site while the vulnerability existed, right? It's not my password stored in a database that's exposed, but the traffic created when I visit the website? In other words, if I registered at some website 3 years ago and haven't returned since, I've got nothing to worry about from that site?

Thanks.

3 Answers

Relevance
  • Jamie
    Lv 7
    7 years ago
    Favorite Answer

    Like Dustin said, from what I understand about the Heartbleed bug, one must actually visit the website in question in order for their data to become compromised.

    Below is a link to a Wikipedia article about the Heartbleed bug, which you may want to check out.

    http://en.wikipedia.org/wiki/Heartbleed

    Additionally, below is a link to an episode of the Security Now! podcast, from the TWiT Netcast Network, where the Heartbleed bug is discussed by Leo Laporte and Steve Gibson.

    http://twit.tv/show/security-now/450

    However, it wouldn't be a bad idea to change your passwords anyway, especially on the websites that were affected by the Heartbleed bug, just to be safe.

    Best of luck and I hope I helped you!

  • 7 years ago

    Whenever you open a session with a server, the SSL was leaking 56kB of data every second or so. Because everytime the server would ping to see if you are still there (We call this a heartbeat) then RANDOM data would be leaked. The data is encrypted but if the hacker that was probing this were lucky enough to get their encryption key from a heartbeat... They could decrypt all the data that they got from that server's database. (Passwords, Documents, Pictures, etc.)

    This bug has been in effect for about 2 years now.

    Anything in that server's database can be theirs if they are lucky.

  • ?
    Lv 6
    7 years ago

    You are correct. From what i understood the vulnerability exploits the Ram of the server to get the info.

Still have questions? Get your answers by asking now.