# Warning: Heartbleed Bug affects 500px.com, flickr.com, et al!!



## RustyTheGeek (Apr 10, 2014)

*FYI - For those of you that haven't heard the news about the HEARTBLEED SSL BUG...

There are many websites that are vulnerable to the bug until they are patched.*

*Affected PHOTO sites include 500px.com and flickr.com.*

(As listed here... https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt)

*Also, I just tested the vonage.com login page and it is also affected.*

*Go to these sites to test (paste in the address of) the URL of the https login page before you use or login to the site again. There is also a Chrome Extension linked at the filippo site.*
*https://www.ssllabs.com/ssltest* OR *http://filippo.io/Heartbleed/*


----------



## traingineer (Apr 13, 2014)

RustyTheGeek said:


> *FYI - For those of you that haven't heard the news about the HEARTBLEED SSL BUG...
> 
> There are many websites that are vulnerable to the bug until they are patched.*
> 
> ...



Thank you for the info!


----------



## jrista (Apr 13, 2014)

It isn't just these sites. OpenSSL is used in about 70% of web servers running open-source operating systems and web server software. It's also used for the majority of email servers, and OpenSSL is used ALL OVER the place for all kinds of other things.

This bug is really a disaster...you can no longer simply rely on the notion that if you are in SSL, your safe. It will take weeks at least for really critical sites to upgrade to the patched SSL version, and it could take months or years for the majority of affected servers to be patched. 

That basically means you can no longer trust that when your browser says your secure (i.e. it's using SSL over HTTPS), that you actually are secure. 

Trust nothing anymore, ppls!  Web site security is now a highly nebulous thing. Unless you directly verify that the server is using OpenSSL 1.0.1g (or something else entirely, like Windows Server which is not affected), I wouldn't trust ANY web site under SSL for a while.


----------



## Mt Spokane Photography (Apr 14, 2014)

My online store was affected, but was patched within 24 hours of the announcement.


----------



## traingineer (Apr 14, 2014)

Valve has also been affected.


----------

