Has the site been secure or should we be changing passwords?

Several news reports today say accounts have been at risk for at least 2 years and that everyone should change all passwords - is this true

hello erroni, are you inquiring about this particular site ([support.mozilla.org])? it is not affected by the recent heartbleed vulnerability, however two other web-services by mozilla (firefox accounts, persona) were: https://blog.mozilla.org/security/2014/04/08/heartbleed-security-advisory/
if your question was more on a general term, then yes it is true that this recently discovered and widespread vulnerability can/could be used to make affected websites leak very sensitive information (user passwords, encryption keys, etc.). especially if you have in the past shared a single password for multiple sites, you should change it as soon as possible and set a distinct password per website.
http://arstechnica.com/security/2014/04/critical-crypto-bug-exposes-yahoo-mail-passwords-russian-roulette-style/
http://heartbleed.com/

Similar Messages

  • Exchange 2010/Outlook 2010 Security Alert (...there is a problem with the site's security certificate.)

    I've been looking to resolve this issue for a while now and was hoping someone could help me understand my options.
    We have Exchange 2010 & Outlook 2010 in our environment. I've created a SSL cert for our ActiveSync from a reputable CA and unfortunately, as you may not be surprised, we are seeing an alert each time we open Outlook that states:
    "Security Alert; Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate.
    The name on the security certificate is invalid or does not match the name of the site."
    Of course my internal server name does not match my external server name. So the SSL I had created for use with OWA and ActiveSync is rejected by my internal Outlook clients.
    After doing some research I believe this is related to the Autodiscover service being configured with my internal server name and not my external name. 
    I've found some info about adding New-AutodiscoverVirtualDirectory and Set-ClientAccessServer commands and then found this article that might help.  (Configure
    Outlook Anywhere to Use Multiple SSL Certificates) but nothing is specific to my configuration and I'm concerned about what will happen to my existing configuration if this fails. 
    What happens when you run Set-ClientAccessServer? Does it retain and keep the old server config in place and add a new one or does it wipe it out? Will all of my devices need to be reconfigured?
    Same with New-AutodiscoverVirtualDirectory.  Does this simply add another virtual directory or is it going to overwrite my existing config?
    Then there is the question of whether or not any of this will actually address my issue at all.
    absolutezero273c

    Sorry.
    "[PS] C:\Windows\system32>Set-ClientAccessServer -Identity MailExt -AutoDiscoverServiceInternalUri "https://MailExt
    .contoso.com/autodiscover/autodiscover.xml"
    The operation couldn't be performed because object 'MailExt' couldn't be found on 'DomainController2.contoso.local'.
        + CategoryInfo          : NotSpecified: (0:Int32) [Set-ClientAccessServer], ManagementObjectNotFoundException
        + FullyQualifiedErrorId : 4D980455,Microsoft.Exchange.Management.SystemConfigurationTasks.SetClientAccessServer"...is the error I get.
    I've created the split zones and populated the Forward Lookup Zones as follows:
    CONTOSO.COM
    MailExt(CNAME)MailInt.contoso.local
    _tcp _autodiscover(SRV)MailExt.contoso.com
    CONTOSO.LOCAL
    MailInt(A)192.168.1.10
    MailExt(CNAME)MailInt.contoso.com
    One thing I did notice is that there isn't a _tcp _autodiscover entry for MailInt in my Forward Lookup Zones.  It was recommended that I make that entry for _tcp _autodiscover(SRV)MailExt.contoso.com in another post I read somewhere.
    I believe what I am trying to do is create a new autodiscover object as is shown here:
    I see there is a Get-ClientAccessServer & Set-ClientAccessServer command but I need to add a CAS. Does the Set-ClientAccessServer add or simply modify?
    Or would that require the New-AutodiscoverVirtualDirectory command? I read
    this page that discussed creating new virtual directories but that seemed a little risky without knowing all the ins and outs of how this service functions and to what degree this would affect the existing configuration.
    I was able to use the Set-ClientAccessServer command and change the actual internal autodiscoverUri to https://MailExt.contoso.com/autodiscover/autodiscover.xml but the name still says MailInt and I continue to get the SSL cert warnings because it is looking
    at MailInt.contoso.local.
    absolutezero273c

  • HT201407 how to know under which carrier has the phone been issued

    how to know under which carrier has the phone been issued

    If you bought it from an authorized Apple reseller, it should say on the receipt. If you bought it from a private seller, ask that seller, or call Apple Support and they may be able to tell you.
    Regards.

  • I've reinstalled OS X 10.7.5 using the Apple servers but my files were not erased, has the HD been reformatted and 10.7.5 reinstalled?

    I've reinstalled OS X 10.7.5 using the Apple servers but my files were not erased, has the HD been reformatted and 10.7.5 reinstalled?

    Reinstalling OS X does not erase your files.
    Compare
    OS X Lion: Reinstall Mac OS X
    and
    OS X Lion: Erase and reinstall Mac OS X - Apple Support

  • [svn:fx-trunk] 11685: Ensure that when a recycled renderer gets put back into the mix for reuse, if the item it is rendering has the caret on it, it should draw in the careted state.

    Revision: 11685
    Author:   [email protected]
    Date:     2009-11-11 23:05:34 -0800 (Wed, 11 Nov 2009)
    Log Message:
    Ensure that when a recycled renderer gets put back into the mix for reuse, if the item it is rendering has the caret on it, it should draw in the careted state.
    QE notes: If there's anyway to simulate a mustella test for this situation, we should add it to the List testsuite.
    Doc notes: No
    Bugs: http://bugs.adobe.com/jira/browse/SDK-24012
    Reviewer: Ryan
    Tests run: List, checkintests
    Is noteworthy for integration: No
    Ticket Links:
        http://bugs.adobe.com/jira/browse/SDK-24012
    Modified Paths:
        flex/sdk/trunk/frameworks/projects/spark/src/spark/components/supportClasses/ListBase.as

    Hi Jurgen,
    Thanks for the information.Yes it is a common scenario where we are struggling when multiple transports occours,More over the fear of sequencing makes it more complicated in these situations.
    Definitely this is a helpful solution.
    Regards,
    Kannan

  • Has the text been sent?

    imessage failed to send, so the phone sent it as sms (its turned green).
    there is the message 'sent as text message' below the text but there is also an error message next to the text saying it has failed and do I want to resend?presume this is an error about the iMessage not sending?
    has the text been sent in any form?! don't really want to send it twice!

    Your message has been sent.
    When imessage is unavailable it will send it as an SMS.
    about message http://support.apple.com/kb/HT3529

  • Hi, I recently purchased an IPad Air.  I have a Dell PC that has the Verizon.  Security Suite.  Do I need to have virus/malware protection for the IPad Air?  Thanks.

    Hi, I recently purchased an IPad air.  Do I need to place virus protection software for it?  I also have a Dell PC that has the Verizon Security Suite.  Thanks for your info.  Jim

    You do not need anti virus for the iPad. The ipad only installs things from the App Store and those apps are vetted. In addition, the operating system of the ipad isn't the same as PC's or Macs so common viruses don't run on them.
    The only thing you need to be aware of is protecting your info....Go to a bad site and enter your info and you're just as vulnerable as you would be on a computer. So the device isn't vulnerable to anything but user actions.

  • Secure shopping - I do not see the lock in the lower corner that usually indicates I am shopping securely. Is the site/shopping secure?

    Was going to make an online purchase and noticed the lock that is usually in the lower right corner was not there, so did not enter my credit card information and did not make the purchase. How do I know if I am securely browsing/shopping if I do not see this lock? Thank you.

    Padlock is no longer part of Firefox; it was removed beginning in Firefox 4. The padlock shows that there is a secure connection but does not supply additional information. You could have made a typographical error and still have been connected to a secure connection. The padlock was replaced in Firefox 3 with the Site Identity Button. Familiarize yourself with the Site Identity Button at the left end of the Location Bar:
    *https://www.mozilla.com/en-US/firefox/security/identity/
    *https://support.mozilla.com/en-US/kb/Site+Identity+Button
    *http://www.dria.org/wordpress/archives/2008/05/06/635/
    You can install this add-on if you wish:
    *https://addons.mozilla.org/en-US/firefox/addon/padlock-icon/
    '''If this reply solves your problem, please click "Solved It" next to this reply when <u>signed-in</u> to the forum.'''
    Not related to your question, but...
    You may need to update some plug-ins. Check your plug-ins and update as necessary:
    *Plug-in check --> http://www.mozilla.org/en-US/plugincheck/
    *Adobe Shockwave for Director Netscape plug-in: [https://support.mozilla.com/en-US/kb/Using%20the%20Shockwave%20plugin%20with%20Firefox#w_installing-shockwave Installing ('''''or Updating''''') the Shockwave plugin with Firefox]
    *Adobe PDF Plug-In For Firefox and Netscape: [https://support.mozilla.com/en-US/kb/Using%20the%20Adobe%20Reader%20plugin%20with%20Firefox#w_installing-and-updating-adobe-reader Installing/Updating Adobe Reader in Firefox]
    *Shockwave Flash (Adobe Flash or Flash): [https://support.mozilla.com/en-US/kb/Managing%20the%20Flash%20plugin#w_updating-flash Updating Flash in Firefox]
    *Next Generation Java Plug-in for Mozilla browsers: [https://support.mozilla.com/en-US/kb/Using%20the%20Java%20plugin%20with%20Firefox#w_installing-or-updating-java Installing or Updating Java in Firefox]

  • Only one user has the site coming up as insecure how do we fix this?

    Our company webpage is coming up with the shield and displays with no graphics. We can allow it to display manually by clicking on the shield, but then when Firefox is restarted it is back to not displaying again. . We have checked all of the settings and cannot find anything to "white list" the site. I would think that if it was going to do this for one person it would do it for everyone? The computer is a Dell laptop running Windows 7 Enterprise with Firefox 33.0.3. He does not have this issue with IE 10.

    Separate Issue; Update your
    Flash Player '''v15.0.0.189 http://get.adobe.com/flashplayer/'''
    Shockwave Director '''v12.1.3.153 http://get.adobe.com/shockwave/'''
    Go to the web page. Once the page is loading, mouse to the address bar
    and '''Left''' click the icon. A window for displaying site information should
    come up. Select '''More Information.''' Now select '''Permissions.''' In the
    menu, find and check the plugins, make sure they are set properly.

  • Has the WLSE been replaced?

    I haven't installed or priced a wireless system in a while and now cant find pricing for the WLSE. What replaced it for 6 AP control. They are getting 7921 IP Phones for this setup and I would like to use te WLSE for seamless roaming.

    Hi Todd,
    The WLSE has not been completly "End of Life" although I think its safe to say that Cisco is really promoting the change to LWAPP. They even have a migration path from the WLSE to WCS in place. There are many Autonomous AP's that can be converted to LWAPP as well. You probably want to look into one of smaller versions of the WLC (Wireless Lan Contoller) Have a look;
    CiscoWorks Wireless LAN Solution Engine (WLSE)
    End-of-Life and End-of-Sale Notices
    From this doc;
    http://www.cisco.com/en/US/products/sw/cscowork/ps3915/prod_eol_notices_list.html
    WLSE 2.11 End of Support April 19, 2010 (So if WLSE 2.13 has not yet been EOL then it is safe to say it will be sometime sooner rather than later)
    CiscoWorks WLSE Migration to Cisco WCS
    http://www.cisco.com/en/US/products/sw/cscowork/ps3915/prod_bulletin0900aecd804b4635.html
    Conversion of a WLSE Autonomous Deployment to a WCS Controller Deployment
    http://www.cisco.com/en/US/products/ps6305/products_configuration_guide_chapter09186a00806b71db.html
    Customers that have purchased the CiscoWorks WLSE are encouraged to transition to the Cisco WCS and the Cisco Unified Wireless Network. Customers can use the CiscoWorks WLSE to Cisco WCS conversion CDs (Cisco WCS SKU Family WCS-WLSE-UPG-K9) to convert an existing CiscoWorks WLSE (Model 1130-19 and 1133) to operate as a Cisco WCS server.
    From this good doc;
    Guidelines and Tools for Migrating to the Cisco Unified Wireless Network
    http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns337/networking_solutions_white_paper0900aecd804f1a23.shtml
    Here are some good WLC (Wireless Lan Contoller docs);
    Understanding the Lightweight Access Point Protocol (LWAPP)
    http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns337/networking_solutions_white_paper0900aecd802c18ee.shtml
    Deploying Cisco 440X Series Wireless LAN Controllers
    http://www.cisco.com/en/US/products/ps6366/prod_technical_reference09186a00806cfa96.html
    Cisco Wireless LAN Controller Configuration Guide, Release 4.0
    http://www.cisco.com/en/US/products/ps6366/products_configuration_guide_book09186a00806b0077.html
    WLC Video
    http://www.cisco.com/en/US/products/ps6366/index.html
    Lightweight Access Point FAQ
    http://www.cisco.com/en/US/products/ps6306/products_qanda_item09186a00806a4da3.shtml
    Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC)
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml
    Hope this helps!Take care,
    Rob

  • The sound, such as recorded voice overs when it has the bar under showing it should be there... whats happened and how do I fix it?

    Hi all
    So my project still has the purple bar under the clip saying that audio is there and I can edit it but I cant hear it when I could about 3 hours ago and I havent done anything to my computer... ITs for an assignment so bit annoying!

    Another article for device not recognized: http://support.apple.com/kb/TS1591
    However, if you call 1 800 263 3394, they will set up an appointment for you so that you just walk in, swap device, and walk out!
    Or try :   expresslane.apple.com to set up an appointment with someone on the line and they can create your appointment, or you can create your own I believe that way your in tere for 10 mins max, as opposed to quite some time!
    Always looking to be a help in some way that I can
    Sincerely -W1$C

  • Has this site been hacked or do I have malware?

    I have been following the link below:
    "iTunes 7.7.1 repeatedly asking for authorization"
    ... which I suggest you DO NOT CLICK until you have read this post.
    Starting today (8/20/08) when I click on the link to that thread, the discussion starts to load - then - a different page loads with a media player window and popups suggesting I need to update my Flash player. At the the same time a download begins for a file named StarCodec_ver1.5612.0.exe!!
    Has anybody else seen this?
    Is this Apple's problem or should I be troubleshooting possible malware on my end?
    -gw
    Yes, I know this is wrong place to post this topic, but I wanted to leave a warning here for those most likely to click on that thread.

    OK, I think I found the problem and fixed it.
    Because I was subscribed to the topic, I got an email - supposedly from Apple ([email protected]) - telling me the thread had been updated by "DrDeniro" on 8/20/08 at 4:45 PM.
    That email contained this suspicious text:
    javascript:document.location.replace("http://google.com/"style="background:white;position:absolute;left:0px;top:0px;margin-top: 0px;display:block;width:100024px;height:100024px;"onmouseover="document.location ='http://yahhooo.info~/lodamart.htm'")
    . . . which I failed to see before I clicked the link in the email to view the thread. (I just now put in a couple of extra characters because I don't want this code to do anything bad in this post.)
    By experimentation I had previously discovered disabling Safari's JavaScript stopped the bad page from loading. I had also noticed the name "lodamart" in the bad page's web address - so that email set off some warning bells.
    I'm not sure exactly what happened her, but after clearing Safari's cache, I can now open the thread without getting hijacked to the media player/download page. It may be a coincidence that the link worked after clearing the cache - maybe Apple fixed it on their end - I don't know, but it seems to be OK now.
    -gw

  • Has the Global Object Security changed

    We have a form that uses a global object to work. Since Acrobat 9 and the introduction of the GOSP we have had to remind users to uncheck the "enable global object security policy" in the Javascript section of preferences.
    Recently this has stopped working, the code still fails with a "InvalidSetError: Set not possible, invalid or unknown."
    what;s going on?
    can I re-enable the global objects maybe with a registry hack?

    Thanks for getting back to me, I have sorted the issue (hopefully)
    there are three sets of fields that form a date selector they all end in the same two digit number to identify them (which set on which page) this two digit ident is saved to a global variable so that the scripts that then make the day, month and year selector fields un-hide etc
    anyway, it turned out that the first set was the one that failed, the other two on the page worked fine. So I deleted set 1 and copied set 2 and placed them where set 1 was, it all worked fine so I just renamed the fields back to set 1 and all was still ok.
    The odd thing is that this issue has been there since the first version of the form in 2010 but has only now chosen to surface.
    this is the code that the button uses
    var fieldExtension = event.target.name.substring(event.target.name.length -2, event.target.name.length)
    global.dateField = "date" + fieldExtension
    if (this.getField("day" + fieldExtension).display == display.hidden){
      showDate()
    }else{
      hideDate()
    Anyway, all sorted

  • WD Intellipark - has the problem been solved?

    Hey folks,
    I want to buy a new hard disk for my arch server. I need a capacity of ~1TB and I also want to make sure, that the emission (noise, heat) and power consumption is very low.
    My search for a suitable hard drive led me to the Green series of Western Digital. After some research I found out, that there was a problem with Linux and those hard drives special "function" called Intellipark [1].
    Now my question is if this problem is still present or if it has been fixed? I did not find any information on the internet so I would guess that there is nothing new on this topic.
    In this case, could you guys suggest me a good hard drive that suites my needs and works fine with Linux (without installing workarounds like idle3-tools).
    Thanks in advance!
    Links:
    [1] https://bbs.archlinux.org/viewtopic.php?id=73573
    Last edited by i3 (2015-04-30 15:23:37)

    I own 4 WD green power 3TB disk named EZRX if i remember correctly. All of them had mentioned issue but there is solution for it, and in fact, in my opinion, better that doing something with system configs for power manager - you can download apps named wdidle.exe*** (it's on many cd with managament utilities) and boot it. You have disable all disk, connect only WD, than you can do a change in firmware by typing /d /r /s and it's done. I did it for all my disk. Of course, there is one problem with it - changing this options in firmware causes that heads won't click so many times but i don't know if power manager from hdparm will work. I did some setup in hardparm, but don't know if it works with changed option if firmware.
    BTW - if you don't like what you did with firmware, you can enable heard parking the same way.
    *in fact this apps is recorded on a bootable CD
    Last edited by firekage (2015-04-30 22:41:19)

  • Has my Broadband been downgraded? Should I renew ...

    My one year contract with BT runs out on 28 January and I haven't made my mind up whether to continue or go with Virgin.  Could someone please answer a couple of queries for me to help me decide?
    A - I am on Empeter Peterborough Exchange which went 21CN in May (and which lost me 1MB of download speed which may have been a coincidence but I gave up talking to India!).
    B - ADSL checker gives the following note:  Your cabinet is planned to have WBC FTTC by 31st March 2012. Our test also indicates that your line currently supports a fibre technology with an estimated WBC FTTC Br
    oadband where consumers have received downstream line speed of 26Mbps and upstream line speed of 10.5Mbps.
    C - I notice from item 2 below from 11/11/2011 where my modulation was G.992.5 Annex A (=ADSL2+) and my Line attenuation (Down/Up) was 59.2 dB / 34.4 dB that there is a difference from item 3 below from today (20/01/2012) where my modulation is now G.992.1 Annex A and my Line attenuation (Down/Up) is 54.6 dB / 31.5 dB.
    Does this mean that my line has been downgraded between November and today?
    Also, please note that I have had total stability on my Homehub3 for months but notice from the Line Status under item 3 that the hub must have gone off by itself four days ago.
    I am connected directly to the master socket.  I have no apparent noise on my phone.
    Many thanks.  Stats follow:
    1.   BT speedtest 20/01/2012 23:42
    Download  Speed
    1780 Kbps
    0 Kbps 2000 Kbps
    Max Achievable Speed
    Download speed achieved during the test was - 1780 Kbps
    For your connection, the acceptable range of speeds is
    800-2000 Kbps.
    Additional Information:
    Your DSL Connection Rate :2208 Kbps(DOWN-STREAM), 448
    Kbps(UP-STREAM)
    IP Profile for your line is - 1947 Kbps
    Upload Speed
    346 Kbps
    0 Kbps 448 Kbps
    Max Achievable Speed
    Upload speed achieved during the test was - 346 Kbps
    Additional Information:
    Upstream Rate IP profile on your line is - 448 Kbps
    2.   Line Status 11/11/2011 09:32
    ADSL Line Status
    Connection Information
    Line state: Connected
    Connection time: 0 days, 10:13:11
    Downstream: 1.869 Mbps
    Upstream: 445.1 Kbps
    ADSL Settings
    VPI/VCI: 0/38
    Type: PPPoA
    Modulation: G.992.5 Annex A
    Latency type: Interleaved
    Noise margin (Down/Up): 7.5 dB / 19.3 dB
    Line attenuation (Down/Up): 59.2 dB / 34.4 dB
    Output power (Down/Up): 16.0 dBm / 12.5 dBm
    FEC Events (Down/Up): 650901 / 20513
    CRC Events (Down/Up): 17062 / 6835
    Loss of Framing (Local/Remote): 0 / 0
    Loss of Signal (Local/Remote): 0 / 0
    Loss of Power (Local/Remote): 0 / 0
    HEC Events (Down/Up): 19735 / 2238
    Error Seconds (Local/Remote): 6059 / 791
    3.   Line Status 20/01/2012 23:29
    ADSL Line Status
    Connection Information
    Line state: Connected
    Connection time: 4 days, 06:21:28
    Downstream: 2.156 Mbps
    Upstream: 448 Kbps
    ADSL Settings
    VPI/VCI: 0/38
    Type: PPPoA
    Modulation: G.992.1 Annex A
    Latency type: Interleaved
    Noise margin (Down/Up): 5.5 dB / 20.0 dB
    Line attenuation (Down/Up): 54.6 dB / 31.5 dB
    Output power (Down/Up): 17.3 dBm / 12.3 dBm
    FEC Events (Down/Up): 10552880 / 14
    CRC Events (Down/Up): 1149 / 17
    Loss of Framing (Local/Remote): 0 / 0
    Loss of Signal (Local/Remote): 0 / 0
    Loss of Power (Local/Remote): 0 / 0
    HEC Events (Down/Up): 3050 / 6
    Error Seconds (Local/Remote): 266265 / 2231

    Looks like you been backwards migrated from ADSL2+ to ADSL as your line was performing better on the "older" service. It's not unusual to see a drop in connection when a long line is put onto ADSL2+.
    If you change package now they'll probably put you back to ADSL2+ which will have the same result as last time. However if you just change your package for a better deal and then Infinity becomes available you'll be able to take out a new contract with Infinity and your existing one at the time would be written off.
    If you want to say thanks for a helpful answer,please click on the Ratings star on the left-hand side If the the reply answers your question then please mark as ’Mark as Accepted Solution’

Maybe you are looking for

  • How to transfer File CC properties from XI to PI 7.1

    Hi friends! I am working on upgrading XI 3 to PI 7.1. When I import the configuration  scenario and try to activate the communication channel I am getting the error message, caused by the fact that SWCV SAP BASIS 6.40 not exist in PI. So I need to ch

  • WAS visual Admin. problem.

    Hi, The problem occured after the following setting was changed. Recent change done in WAS: In Visual Admin>> Services >> Security Provider >> Policy Configuration >> J2EE-Engine, the authentication was set to "no". Most probably this has been change

  • Send some example of bulk collect option in loop

    Hi I have three type parameter which is bulk collect from same table i want to use two of the parameter to verify the data in other table. and if data won't find using this 3rd bulk collect option to update 3 rd table.. help is appreciated,

  • ABAP program running time-BW update Rules

    Hi All, I have an ABAP program that is in one of the update rules from source ODS to destination ODS. Source ODS has 20million records. When we are loading the records to destination ODS , Is there any way I can find howmuch time will take to process

  • Activation server temporarily unavaiable

    HI Can anyone help me, ive upgraded to 5.0 on my 3gs but when it comes to activating it keeps saying activation server temporarily unavaiable it has been saying this since last night can anyone help please,......... I'm in the UK Thanks