29 replies to this topic

[sloosecannon]

This is not mod related, but is important enough to warrant a news post.
 
 Two days ago, CVE-2014-0160 was reported to the world. This is a bug in the OpenSSL encryption library, allowing a malicious user to read memory and compromise the entire TLS encryption standard. Any web server using OpenSSL, including servers running on two of the most popular web platforms, Apache and Nginix, may have their private keys and server memory disclosed.

This means your username, password, and any other information passed between you and the server IS VULNERABLE. This bug includes Facebook, Google, and other major providers.
 
Here's what you (non-server users) need to do:

• 
  
• Test every site you use with this tool: http://filippo.io/Heartbleed
• 
  
• If it's safe, change your password!
• 
  
• If not, assume anything you've done and anything you will do on that site is compromised until they fix it. DO NOT CHANGE YOUR PASSWORD ON THESE SITES UNTIL THEY'VE FIXED THE VULNERABILITY!
• 
  

Another good piece of advice is to STAY AWAY from any public wifi hotspots for a while, until this bug is fixed in a majority of sites.

 
A bit of background information:
 
This bug abuses the "TLS heartbeat" function, allowing for a malicious packet to force the server to read random memory off the stack. This renders anything stored in memory, including passwords, private keys, user sessions, etc, completely vulnerable.
 
More info: 
http://www.cnn.com/2...tbleed-openssl/
http://heartbleed.com/

[Unikraken]

[SPECTRE]

I have no idea what the hell you're on about. Non server users? My password?

[Moustachio86]

I'm with SPECTRE. It feels like there's a missing paragraph here. I don't understand what's wrong.

[Unikraken]

I'm with SPECTRE. It feels like there's a missing paragraph here. I don't understand what's wrong.

A load of websites you probably use have a vulnerability in them that allows hackers to see stuff like usernames and passwords. Change your passwords on sites that you share passwords with sites that have this vulnerability, but don't change them on the sites with those vulnerabilities, because then you're just giving hackers your new passwords. This isn't about SotP, this is sloose being a bro warning you, his friends.

[Moustachio86]

Right, got you! Now, just to remember all the sites I have passwords on. Doesn't Chrome have a function for this?

[SPECTRE]

Meh fuckit, I have a ghost thing anyway. (How that for a coincident)

[D4RKST0RM99]

Meh fuckit, I have a ghost thing anyway. (How that for a coincident)

Covenant or supernatural type, also if covenant- how many miles to the galon on one of those things?

[SPECTRE]

Covenant or supernatural type, also if covenant- how many miles to the galon on one of those things?

No like a software thing, I'm patched (permanently) into the internet via the MOD.

[Crisiss]

So what exactly do they have access to? My account on this? Frankly I don't have any personal information on this account, maybe my email at the most. I normally surf on my phone anyways, does that change anything? Thanks for the notification guys.

[sloosecannon]

So what exactly do they have access to? My account on this? Frankly I don't have any personal information on this account, maybe my email at the most. I normally surf on my phone anyways, does that change anything? Thanks for the notification guys.

Nah this is an across-the-board warning. Our site isn't actually affected - this is only for secure (https) sites.

[SternuS]

How do I know which sites should I test? What in the name of the Almighty is happening?

[Zero]

BECU is fine, glad my bank account hasn't been compromised with all that dough... (3Gs)

[Mrbump]

Does somebody mind putting that technobabble into leymans terms please? Thanks

[sloosecannon]

Basically, assume any https site you connect to is compromised. Even if the problem is fixed now, your passwords are possibly vulnerable.
That's the problem with this - we don't know what sites have been hit, only what sites might have been hit.

[Zero]

If someone steals my money, the bank owes me.

[psdt]

So this problem has been fixed, correct? It seems to me that any password changing would be quite futile unless this has been fixed.

[Unikraken]

Reread mystatement.

[Eliteempire]

This is just another thing made like the Sixton [sp] Virus unleashed in the middle against Iran's nuclear program.

[Zero]

If everyone gives me their passwords right now I'll keep them more secret than a 12 year old school girl losing her virginity to the elementary school gym teacher.