I'm sure most of you are aware it's been in the news quite a bit as of late, stay safe.
https://www.google.com/#q=heartbleed
Heartbleed
- sgt stutter
- Server Ops
- Posts: 7242
- Joined: Sun Oct 15, 2006 3:47 pm
- Location: May as well be Canada
-
Games Played
Ville Awards
Heartbleed
RIP-Trigger
RIP-Blue
RIP-Stevo
- belak
- Villun
- Posts: 330
- Joined: Sun Apr 01, 2012 12:51 am
- Location: Bellevue, WA
-
Games Played
Ville Awards
Re: Heartbleed
Definitely a huge issue.
Explanation: http://heartbleed.com/
The fix: https://github.com/openssl/openssl/comm ... b11c44aead
Checker (if you know how to use Go programs. There's a python one out there somewhere as well.): https://github.com/FiloSottile/Heartbleed
tl;dr: There was a bug relating to one of the most common encryption libraries for servers. This may have made it possible for attackers to get the information needed to impersonate large services (such as Yahoo, Steam, etc). It's been patched and many large sites have been updated, but be careful. About 66% of the servers on the internet use software which uses this library by default.
Explanation: http://heartbleed.com/
The fix: https://github.com/openssl/openssl/comm ... b11c44aead
Checker (if you know how to use Go programs. There's a python one out there somewhere as well.): https://github.com/FiloSottile/Heartbleed
tl;dr: There was a bug relating to one of the most common encryption libraries for servers. This may have made it possible for attackers to get the information needed to impersonate large services (such as Yahoo, Steam, etc). It's been patched and many large sites have been updated, but be careful. About 66% of the servers on the internet use software which uses this library by default.
- black_and_blue
- Server Admin
- Posts: 2617
- Joined: Sun Apr 20, 2008 5:28 pm
-
Games Played
Ville Awards
Re: Heartbleed
This is an OpenSSL based attack. TheVille doesn't use https at all, which kind of exempts it from any encryption-based attack.jettah wrote:Thanks for the warning. I take it TheVille is safe?
Of course it also means that none of the traffic you send is encrypted at all, so you certainly wouldn't want to be typing your forum password it in an open wi-fi hotspot.
- Knowing
- Villun
- Posts: 152
- Joined: Sun May 05, 2013 4:44 pm
- Location: You read this for nothing.
-
Games Played
Ville Awards
Re: Heartbleed
I learned about this around this morning... I changed about every password I know that uses https. Kind of freaked out still. O.O
The only difference between me and a madman is that I'm not mad.
- Salvador Dali (1904-1989)
- Salvador Dali (1904-1989)
- belak
- Villun
- Posts: 330
- Joined: Sun Apr 01, 2012 12:51 am
- Location: Bellevue, WA
-
Games Played
Ville Awards
Re: Heartbleed
Useful link for which services are known to have possibly been compromised:
http://mashable.com/2014/04/09/heartble ... -tech-link
http://mashable.com/2014/04/09/heartble ... -tech-link
- BigBiker05
- Villun
- Posts: 2904
- Joined: Mon Dec 15, 2008 7:48 am
- Location: Lost
-
Games Played
Ville Awards
Re: Heartbleed
Thanks for the list. People kept talking about this but no one dumbed it to for us folks.belak wrote:Useful link for which services are known to have possibly been compromised:
http://mashable.com/2014/04/09/heartble ... -tech-link
- Will T.
- Villun
- Posts: 1635
- Joined: Tue Feb 08, 2011 12:54 am
- Location: Seattle, WA, USA
- Contact:
-
Games Played
Ville Awards
Re: Heartbleed
There's now another XKCD about this, with a more in-depth explanation that manages to be simple enough for even me to understand. 
- metacide
- Villun
- Posts: 1899
- Joined: Sun Aug 31, 2008 4:18 pm
- Location: Seattle, WA
-
Games Played
Ville Awards
Re: Heartbleed
Dang I was gonna post that.Will T. wrote:There's now another XKCD about this, with a more in-depth explanation that manages to be simple enough for even me to understand.
Who is online
Users browsing this forum: No registered users and 40 guests