I have a store on a Yahoo Merchant Solutions platform and since becoming aware of Heartbleed I have tested it multiple times on the two different test sites and it still doesn't pass! I've called Yahoo tech support daily and all I get is a busy signal. From personal experience, the Heartbleed issue has NOT been fixed!
UPDATE: Today I again tested just the secure checkout section of our stores online shopping cart... AND IT PASSED!!! YAY!!! :D
Blue Sky
2014-04-12 05:27:49 UTC
I read yesterday that Yahoo fixed this issue. But why haven't they sent out a mass email to everyone asking us to change our passwords? Heartbleed has been around since 2012, so If the hackers wanted anyones personal info they would have gotten it by now.
2014-04-12 06:23:05 UTC
Mass mailings are often used to distribute spam, or worse, so people have become leery of these unsolicited notices: be they legit or not.
Rather than rely on e-mail notices, or the say-so of a website, test the condition of the SSL/TLS servers of all sites you visit:
Here's a service that examines a site's servers for several SSL/TLS configurations, with a specific test for the "Heartbleed" flaw:
https://www.ssllabs.com/ssltest/index.html
Bookmark that so it's handy, and test each of your high high-value sites before you interact with them; then change password if it gets the OK on the "Heartbleed" fix. (although the test gives 'grades' for the entire sties secure servers and should be considered)
little_l
2014-04-16 21:31:31 UTC
Yahoo! has patched their system. However, it did have a version of the OpenSSL software that was affected. So you should change your password for your Yahoo! account.
2014-04-11 23:36:57 UTC
Heartbleed isn't a virus. It's a implementation vulnerability in the OpenSSL library.
Jake
2014-04-14 00:07:03 UTC
Hello madrider317,
Heartbleed is not a virus. It just an implementation error which had committed while execution in library.
So the problem is programming error (Bug), but it is not a virus.
:)
ⓘ
This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.