Heartbleed Bug
Topic Started: Apr 10 2014, 01:17 AM (712 Views)
BA
Administrator

It's been in the news for a day or so, but apparently there was a major exploit found in an SSL system which secures information in transit between the client and the server. This SSL system, named OpenSSL, is used by several major websites. To put things into perspective, here is a list of the sites affected or possibly affected: List. The vulnerability may have compromised users' data, though there isn't 100% certainty that anything was stolen since possible theft is undetectable from those who could have exploited the vulnerability.

At your discretion, you should change your password to your important sites. Tumblr and company are recommending changing all your passwords, in any case.
 
Draayder
King DeDeDe
Don't change your passwords on sites still affected yet because then people could just grab both your old and new passwords. Anything that's not affected you can change if you feel you need to, as always it's good to have a different password for each site (but who even does that, I'd just try for a different password on 'important' sites like banks/Steam/other places that have your credit card info).

This is a thing that's been around since 2011 but was only recently discovered, and it's a relatively easy fix, either a manual tweak by developers or an update to the newest version of OpenSSL by the website.

Overall I don't think everyone needs to worry too much, if you're nervous just avoid sites that aren't fixed yet and nothing'll happen.
 
BA
Administrator

There's a site tool that was created to test for the Heartbleed bug: http://filippo.io/Heartbleed/. The list on the first post also suggests sites that you should change your password for that have been already patched.

Waiting until the dust settles would probably be the best idea if you want maximum privacy and anonymity.
 
Odysseus
PRRRROMOTION

Thanks for the info guys. I hope this nonsense gets resolved soon.
 
Draayder
King DeDeDe
XKCD did a nice explanation of how it works, it's a simple fix (just limiting the amount of characters you can put in/get out or disabling heartbeat outright) but here's what it does:

Posted Image
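The length limit mentioned in the post above ("limiting the amount of characters you can put in/get out"), sketched in C as an added example; it is not part of the thread and is not OpenSSL's code. The function names, sample payload and buffer sizes are assumptions; the message layout (1-byte type, 2-byte length, payload, at least 16 bytes of padding) follows RFC 6520.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response (RFC 6520) */
#define HB_HEADER   3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  16  /* RFC 6520: at least 16 bytes of padding */

/* Hypothetical helper, not OpenSSL code. rec/rec_len is the heartbeat
 * message as actually received. Returns the response length written to
 * out, or 0 when the request is silently discarded. */
size_t build_heartbeat_response(const uint8_t *rec, size_t rec_len,
                                uint8_t *out, size_t out_cap)
{
    /* Too short for header plus minimum padding, or not a request. */
    if (rec_len < HB_HEADER + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;

    /* Length the sender claims: fully sender-controlled. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The bounds check: the claimed payload must fit inside the bytes
     * that really arrived, otherwise the copy below would read past
     * the end of the received message into adjacent memory. */
    if (claimed > rec_len - HB_HEADER - HB_MIN_PAD)
        return 0;

    size_t resp_len = HB_HEADER + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;

    out[0] = HB_RESPONSE;
    memcpy(out + 1, rec + 1, 2 + claimed);             /* length + payload */
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD);  /* real stacks use random padding */
    return resp_len;
}

/* Constructed sample: a 4-byte payload with a caller-chosen claimed length. */
size_t demo(uint16_t claimed)
{
    uint8_t rec[HB_HEADER + 4 + HB_MIN_PAD] = {
        HB_REQUEST, (uint8_t)(claimed >> 8), (uint8_t)(claimed & 0xff),
        'b', 'i', 'r', 'd' };
    uint8_t out[64];
    return build_heartbeat_response(rec, sizeof rec, out, sizeof out);
}

int main(void) { printf("%zu %zu\n", demo(4), demo(500)); return 0; }
```
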
 
BA
Administrator

User BA requests to post in topic 9000. [insert everyone's passwords here]
 
Odysseus
PRRRROMOTION

MUST GIVE LORD BA ALL PASSWORDS
 