Watchtower false alerts?

Calion
Community Member

Watchtower is showing an alert for Amazon, but when I tap "Learn More," all it says is that Amazon was never vulnerable to Heartbleed. What's going on? Do I need to change my Amazon password or not? If so, why?


1Password Version: 6.2.2
Extension Version: Not Provided
OS Version: iOS 9.2.1
Sync Type: Dropbox
Referrer: forum-search:Watchtower

Comments

  • Winnie
    1Password Alumni

    Hi @Jim A Syler,

    The Heartbleed vulnerability happened a while ago. If you haven't changed your Amazon password after Heartbleed, you will see that message. As Amazon was affected by Heartbleed and your password could be compromised, we'd like you to be safe by changing your password of a compromised site.

    Hope that helps.
    Winnie

  • This content has been removed.
  • AGAlumB
    1Password Alumni

    @Jim A Syler: Sorry for the confusion! You've done a search for "www.amazon.com", but if you do a search for "amazon.com" instead on the Watchtower page, you'll see the following link under "Important References":

    https://aws.amazon.com/de/security/security-bulletins/aws-services-updated-to-address-openssl-vulnerability/

    Some Amazon services were affected, and since neither AgileBits nor 1Password track your behaviour, it's impossible for either to know if you'd used your Amazon account for some or all of the affected services. Better safe than sorry! :pirate:

  • This content has been removed.
  • Jim,

    Thanks for sharing your perspective on this. A lot of such entries were added as a result of the Heartbleed bug a few years back. I don't necessarily disagree that in the future we can do better with this sort of thing.

    As far as Brenty's "better safe than sorry" comment -- I have to agree with him 100%. While I understand it is an inconvenience to change a memorized password, our position would always be that it is better to change a password that may not have been compromised vs not change one that definitely has.

    That said, we definitely appreciate the feedback, and hopefully this is an area in which we can continue to iterate.

    Ben

  • AGAlumB
    1Password Alumni
    edited March 2016

    @Jim A Syler: Sorry! I probably should have been a bit clearer. In many cases, especially with big websites like Amazon's, amazon.com and www.amazon.com are actually not the same server. Often they're different machines entirely (or, more likely, many of them, in Amazon's case), with a different IP address for each. Doing a quick lookup:

    MBPr:Backups by$ nslookup www.amazon.com
    Server:     10.0.1.1
    Address:    10.0.1.1#53
    
    Non-authoritative answer:
    Name:   www.amazon.com
    Address: 54.239.17.6
    

    As you can see above, there's only a single IP given for the www subdomain of amazon.com. However:

    MBPr:Backups by$ nslookup amazon.com
    Server:     10.0.1.1
    Address:    10.0.1.1#53
    
    Non-authoritative answer:
    Name:   amazon.com
    Address: 54.239.25.192
    Name:   amazon.com
    Address: 54.239.17.6
    Name:   amazon.com
    Address: 54.239.25.208
    Name:   amazon.com
    Address: 54.239.26.128
    Name:   amazon.com
    Address: 54.239.25.200
    Name:   amazon.com
    Address: 54.239.17.7
    

    The IP of www.amazon.com doesn't match any that are used for amazon.com. For all intents and purposes, these are completely separate entities, much like your mailing address. If you have a lot of houses named all the same (I guess rich people in the UK do this), you still have many different mailing addresses (like the IPs for amazon.com); each is quite separate, and you can name one of them differently as well if you like (www.amazon.com, with yet another IP), but the post office (or a network router) doesn't deliver packages based on the name.

    In other cases (like the sites you mentioned), the sites may have changed substantially over time (different server, IP), or we may simply not have received enough information to make a determination one way or the other, so "Status Unknown - The vulnerability status could not be determined" is all we can offer. We add this data for known sites, but it simply isn't possible for us to index everything. I'm sorry for any confusion that's caused. :(
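
An added example, not part of the original post and not 1Password's code: it parses the two nslookup outputs quoted in the post above and compares their answer-section address sets. The function names are hypothetical and the output text is copied from the post; the resolver's own `Address: 10.0.1.1#53` line is skipped because it appears before any `Name:` line.

```python
import ipaddress

# Output text copied from the two lookups quoted in the post above.
WWW_OUTPUT = """\
Server:     10.0.1.1
Address:    10.0.1.1#53

Non-authoritative answer:
Name:   www.amazon.com
Address: 54.239.17.6
"""
APEX_OUTPUT = """\
Server:     10.0.1.1
Address:    10.0.1.1#53

Non-authoritative answer:
""" + "".join(
    f"Name:   amazon.com\nAddress: {ip}\n"
    for ip in ("54.239.25.192", "54.239.17.6", "54.239.25.208",
               "54.239.26.128", "54.239.25.200", "54.239.17.7")
)


def answer_addresses(nslookup_output):
    """Map each answered name to its set of IPs, ignoring the resolver's own address."""
    answers, current = {}, None
    for line in nslookup_output.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if key == "Name":
            current = value  # Address lines that follow belong to this name
        elif key == "Address" and current is not None:
            try:
                ip = ipaddress.ip_address(value)
            except ValueError:
                continue  # not a bare IP (e.g. "host#port"), so not an answer record
            answers.setdefault(current, set()).add(ip)
    return answers


def compare_lookups(output_a, output_b):
    """Return (shared, only_a, only_b) as sorted lists of address strings."""
    a = set().union(*answer_addresses(output_a).values())
    b = set().union(*answer_addresses(output_b).values())
    return tuple(sorted(map(str, s)) for s in (a & b, a - b, b - a))


if __name__ == "__main__":
    shared, only_www, only_apex = compare_lookups(WWW_OUTPUT, APEX_OUTPUT)
    print("shared:", shared, "| www only:", only_www, "| apex only:", only_apex)
```

For the two outputs quoted above, the comparison lists 54.239.17.6 in both answer sets. DNS answers for large sites rotate, so any single lookup is a snapshot.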

This discussion has been closed.