Not what you were looking for? Ask our experts!
Reply
Contributor
sibbaldus
Posts: 19
Registered: ‎06-22-2009

Heart Bleed Bug

Is Norton Identity Safe affected by Heart Bleed bug?  Has there been any statement from Symantec?

yank
Posts: 10,059
Kudos: 2,248
Solutions: 512
Registered: ‎12-02-2009

Re: Heart Bleed Bug

Regular Contributor
Taffy_078
Posts: 204
Registered: ‎01-17-2012

Re: Heart Bleed Bug

[ Edited ]

hello again Yank - but are the Symantec main site and this community forum Open-SSL sites? Do we need to change our passwords?

Desktop: XP / IE8 (shortly to be replaced - when I've the time!)
Laptop: Win7 / IE11
Contributor
sibbaldus
Posts: 19
Registered: ‎06-22-2009

Re: Heart Bleed Bug

[ Edited ]

I had a chat session with Symantec.  It was repeatedly said to me is that only Web sites are affected by Heart Bleed bug but that the login information/password I use to access the servers housing my  Identity Safe information was/is not affected.

 

I am no expert in this area but was not reassured by the chat discussion.  Does the point about affecting only Web sites make sense to those of you who understand Open SSL and the capabilities of the Heart Bleed bug?

 

Thanks.

 

PS:  I hope the forum administrator will respond or, better yet, Symantec will issue a clear statement for us non-experts, about whether there is/was a potential leakage of the password used to access the Identity Safe servers through the login box for Idenity Safe. Yes or no!  

 

Symantec/Norton removed the option to store my Identity safe passwords on my personal computer and has now left me wondering whether my information is safe in its cloud servers.   

yank
Posts: 10,059
Kudos: 2,248
Solutions: 512
Registered: ‎12-02-2009

Re: Heart Bleed Bug

[ Edited ]

 

@Tony_Weiss  @Tim_Lopez  @Mohan_G  

 

Any comment in simple, easy to understand terminology for us less tech savy users would certainly be appreciated.

 

To change all, some or none of our passwords? 
How safe is ID safe Data - etc everyone (including me) seems confused and wondering.

Newbie
Trusty
Posts: 1
Registered: ‎04-10-2014

Re: Heart Bleed Bug

LastPass has actively assesed the user sites for their registered passwords listing in a spreadsheet form the name of the site, the age of the password, whether the site certificate has been updated and the recommended action for the Heartbleed issue.

 

Why doesn't Norton Identity Safe do the same for its users?

Contributor
sibbaldus
Posts: 19
Registered: ‎06-22-2009

Re: Heart Bleed Bug

AMEN!...And Last Pass has offered a description of how one's primary password (into Last Pass) is encrypted on your local machine and, according to Last Pass, should not be affected by Heart Bleed.

 

Too bad that a huge company such as Symantec, can't do the same.  Or is it that it really can't offer the same assurance?

 

 

Contributor
sibbaldus
Posts: 19
Registered: ‎06-22-2009

Re: Heart Bleed Bug

Symantec has published a heart bleed vulnerability update site, with a link to matrix of products.

 

http://www.symantec.com/outbreak/?id=heartbleed

Norton Fighter
Krusty13
Posts: 6,834
Registered: ‎05-31-2011

Re: Heart Bleed Bug

Heartbleed Affected Products.PNG

 

Interesting that there is no information about Identity Safe, NIS, NAV or Norton 360

W W W  =  Wild Wild West.    Be careful out there!

Super Phishing Phryer
avjohnnie
Posts: 877
Registered: ‎09-16-2009

Re: Heart Bleed Bug

[ Edited ]

Krusty13 wrote:

Heartbleed Affected Products.PNG

 

Interesting that there is no information about Identity Safe, NIS, NAV or Norton 360


Hmm...  Interesting that there's a double entry for Identity Safe...  Is that a mistake?  And vexing too that Identity Safe would even be listed as susceptible. Especially considering the statements made by Norton nearly two years ago in the Norton Protection Blog; specifically the blog located here:

 

http://community.norton.com/t5/Norton-Protection-Blog/What-are-the-changes-to-the-Norton-Toolbar/ba-...

 

which contains (among other claims,) the following set of statements:

 

"...  The Online Vault is Secure.

 

- Norton uses 256bit AES encryption to encrypt the data. This is a leading industry standard for encryption.

- Using a very “strong” password is mandatory when creating an online vault – not just encouraged.

- On the server side, Norton has security zones and firewalls between each zone to make sure only intended traffic is allowed access.

- Encrypted vaults on PC, Mac, and Mobile clients are only ever decrypted on your local computer, never at Norton facilities, so no Symantec employee ever has access to any vault data.

- Vault contents are encrypted both in transit as well as at Norton data centers to ensure that no one can access a user’s data via a “man-in-the-middle” attack.  ..."

 

Which (to me) virtually guarantees that the vault data remains hard-encrypted at all times while it is located anywhere other than on the user's local computer or device.

 

So why is there a concern being flagged - and twice at that?

 

Kind regards,

John