![]() |
| Heartbleed Bug | |
|---|---|
| Topic Started: Apr 10 2014, 01:17 AM (712 Views) | |
| BA | Apr 10 2014, 01:17 AM Post #1 |
![]()
Administrator
![]()
|
It's been in the news for a day or so, but apparently there was a major exploit found in an SSL system which secures information in transit between the client and the server. This SSL system, named OpenSSL, is used by several major websites. To put things into perspective, here is a list of the sites affected or possibly affected: List. The vulnerability may have compromised user's data, though there isn't 100% certainty that anything was stolen since possible theft is undetectable from those who could have exploited the vulnerability. At your discretion, you should change your password to your important sites. Tumblr and company are recommending changing all your passwords, in any case. |
|
|
| Draayder | Apr 10 2014, 07:54 AM Post #2 |
|
King DeDeDe
|
Don't change your passwords on sites still affected yet because then people could just grab both your old and new passwords. Anything that's not affected you can change if you feel you need to, as always it's good to have a different password for each site (but who even does that, I'd just try for a different password on 'important' sites like banks/steam/other places that have your credit card info). This is a thing that's been around since 2011 but was only recently discovered, and it's a relatively easy fix, either a manual tweak by developers or a update to the newest version of openSSL by the website. Overall I don't think everyone needs to worry too much, if you're nervous just avoid sites that aren't fixed yet and nothing'll happen. |
| |
|
|
| BA | Apr 10 2014, 01:02 PM Post #3 |
![]()
Administrator
![]()
|
There's a site tool that was created to test for the Heartbleed bug: http://filippo.io/Heartbleed/. The list on the first post also suggests sites that you should change your password for that have been already patched. Waiting until the dust settles would probably be the best idea if you want maximum privacy and anonymity. |
|
|
| Odysseus | Apr 10 2014, 02:47 PM Post #4 |
|
PRRRROMOTION
![]()
|
Thanks for the info guys. I hope this nonsense gets resolved soon. |
| |
|
|
| Draayder | Apr 11 2014, 09:23 AM Post #5 |
|
King DeDeDe
|
XKCD did a nice explanation of how it works, it's a simple fix (just limiting the amount of characters you can put in/get out or disabling heartbeat outright) but here's what it does
|
| |
|
|
| BA | Apr 11 2014, 06:21 PM Post #6 |
![]()
Administrator
![]()
|
User BA requests to post in topic 9000. [insert everyone's passwords here] |
|
|
| Odysseus | Apr 11 2014, 07:56 PM Post #7 |
|
PRRRROMOTION
![]()
|
MUST GIVE LORD BA ALL PASSWORDS |
| |
|
|
| 1 user reading this topic (1 Guest and 0 Anonymous) | |
| « Previous Topic · General Discussion · Next Topic » |







