Heartbleed: what vendors say
While the industry, in general, is moving away from the blow dealt to her by Heartbleed, individual companies have issued their press releases and comments, explaining their involvement in the subject. Below is a reference to the well-known vendors in brief.
Service : Facebook
Affected : Unclear
Need to change your password? : Yes. This has been a public protest of the OpenSSL before this issue was publicly disclosed. We encourage people to set a unique password.
Service : Tor
Affected : indirectly, through other servers
Need to change your password? : depends on target server. If you want to get rid of the Internet, you can’t need it.
See https://blog.torproject.org/blog/openssl-bug-cve-2014-0160 for more details.
')
Service : LinkedIn
Affected : No
Need to change your password? : not. We didn't use the offending implementation of OpenSSL in www.linkedin.com or www.slideshare.net . As a result, HeartBleed doesn’t present a risk to these web properties.
Service : Tumblr
Affected : yes
Need to change your password? : Yes. We have no evidence of any breach of our network, or our team
Service : Twitter
Affected : Unclear
Need to change your password? : it is not clear. On 4/7/2014 we’ve been aware of the critical vulnerability in OpenSSL (CVE-2014-0160). We were able to determine whatsapps.com and api.twitter.com servers were affected by this vulnerability.
Service : Apple
Affected : Unclear
Need to change your password? : it is not clear.
Service : Amazon
Affected : No
Need to change your password? : not. Amazon.com is not affected.
Service : Google
Affected : yes
Need to change your password? : Better change. Google services.
Service : Microsoft
Affected : No
Need to change your password? : Not. Microsoft services were not running OpenSSL, according to LastPass.
Service : Yahoo
Affected : yes
Need to change your password? : Yes. We’ve been able to make it right now.
Service : eBay
Affected : Unclear
Need to change your password? : it is not clear. You can continue to shop securely on our marketplace.
Service : GoDaddy
Affected : yes
Need to change your password? : Yes. We’ve been updating GoDaddy services that use the OpenSSL version.
For details, see godaddyblog.com/open-ssl-heartbleed-weve-patched-servers .
Service : PayPal
Affected : No
Need to change your password? : not. Your PayPal account details are not secured.
For more information, see www.paypal-community.com/t5/PayPal-Forward/OpenSSL-Heartbleed-Bug-PayPal-Account-Holders-are-Secure/ba-p/797568
Service : Dropbox
Affected : yes
Need to change your password? : Yes. We’ve been patched to make sure your stuff is always safe.
Service : Evernote
Affected : No
Need to change your password? : not. Evernote's service, Evernote apps, and Evernote websites ... all utilize SSL / TLS implementations of SSL / TLS to encrypt network communications.
For more, see the discussion.evernote.com/topic/56287-heartbleed .
Service : SoundCloud
Affected : yes
Need to change your password? : Yes. SoundCloud accounts ... and when you’ve signed it out.
Source: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/#:eyJzIjoiZiIsImkiOiJfYzB3YTB6ZDlva3Q1cHhlZCJ9
See information on Cisco, Fortinet, Novell, OpenVPN, redhat, etc.
http://isc.sans.edu/diary/Heartbleed+vendor+notifications/17929
Service : Facebook
Affected : Unclear
Need to change your password? : Yes. This has been a public protest of the OpenSSL before this issue was publicly disclosed. We encourage people to set a unique password.
Service : Tor
Affected : indirectly, through other servers
Need to change your password? : depends on target server. If you want to get rid of the Internet, you can’t need it.
See https://blog.torproject.org/blog/openssl-bug-cve-2014-0160 for more details.
')
Service : LinkedIn
Affected : No
Need to change your password? : not. We didn't use the offending implementation of OpenSSL in www.linkedin.com or www.slideshare.net . As a result, HeartBleed doesn’t present a risk to these web properties.
Service : Tumblr
Affected : yes
Need to change your password? : Yes. We have no evidence of any breach of our network, or our team
Service : Twitter
Affected : Unclear
Need to change your password? : it is not clear. On 4/7/2014 we’ve been aware of the critical vulnerability in OpenSSL (CVE-2014-0160). We were able to determine whatsapps.com and api.twitter.com servers were affected by this vulnerability.
Service : Apple
Affected : Unclear
Need to change your password? : it is not clear.
Service : Amazon
Affected : No
Need to change your password? : not. Amazon.com is not affected.
Service : Google
Affected : yes
Need to change your password? : Better change. Google services.
Service : Microsoft
Affected : No
Need to change your password? : Not. Microsoft services were not running OpenSSL, according to LastPass.
Service : Yahoo
Affected : yes
Need to change your password? : Yes. We’ve been able to make it right now.
Service : eBay
Affected : Unclear
Need to change your password? : it is not clear. You can continue to shop securely on our marketplace.
Service : GoDaddy
Affected : yes
Need to change your password? : Yes. We’ve been updating GoDaddy services that use the OpenSSL version.
For details, see godaddyblog.com/open-ssl-heartbleed-weve-patched-servers .
Service : PayPal
Affected : No
Need to change your password? : not. Your PayPal account details are not secured.
For more information, see www.paypal-community.com/t5/PayPal-Forward/OpenSSL-Heartbleed-Bug-PayPal-Account-Holders-are-Secure/ba-p/797568
Service : Dropbox
Affected : yes
Need to change your password? : Yes. We’ve been patched to make sure your stuff is always safe.
Service : Evernote
Affected : No
Need to change your password? : not. Evernote's service, Evernote apps, and Evernote websites ... all utilize SSL / TLS implementations of SSL / TLS to encrypt network communications.
For more, see the discussion.evernote.com/topic/56287-heartbleed .
Service : SoundCloud
Affected : yes
Need to change your password? : Yes. SoundCloud accounts ... and when you’ve signed it out.
Source: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/#:eyJzIjoiZiIsImkiOiJfYzB3YTB6ZDlva3Q1cHhlZCJ9
See information on Cisco, Fortinet, Novell, OpenVPN, redhat, etc.
http://isc.sans.edu/diary/Heartbleed+vendor+notifications/17929
Source: https://habr.com/ru/post/218945/
All Articles