Maken Tosch
DUST University Ivy League
7937
|
Posted - 2014.04.14 18:26:00 -
[1] - Quote
Source: http://money.cnn.com/2014/04/09/technology/security/heartbleed-bug/index.html
Quote: What is it?
It's called the Heartbleed bug, and it is essentially an information leak.
It starts with a hole in the software that the vast majority of websites on the Internet use to turn your personal information into strings of random numbers and letters. If you see a padlock image in the address bar, there's a good chance that site is using the encryption software that was impacted by the Heartbleed bug.
"It's probably the worst bug the Internet has ever seen," said Matthew Prince, CEO of website-protecting service CloudFlare. "If a week from now we hear criminals spoofed a massive number of accounts at financial institutions, it won't surprise me."
I sent a petition notifying CCP about this to see if this is something that affects us as well. According to that same article, approximately 81% of websites around the world use server programs that are vulnerable to the Heartbleed Bug.
Quote: What can I do?
Log out of all websites: email, social media, banking -- everything. But beyond that, it's a waiting game. The websites themselves need to update to a new version of the encryption software to fix the bug. That's why changing all your passwords right away isn't a good idea. Websites are all racing to fix the issue, and if you act too quickly, you might change your password on a site that is still vulnerable.
Dedicated Scout // Ninja Knifer
Everything I know about the Caldari I learned at Nouvelle Rouvenor
|
Kaminoikari
DROID EXILES General Tso's Alliance
63
|
Posted - 2014.04.14 18:34:00 -
[2] - Quote
Maken Tosch wrote:
Source: http://money.cnn.com/2014/04/09/technology/security/heartbleed-bug/index.html
Quote: What is it?
It's called the Heartbleed bug, and it is essentially an information leak.
It starts with a hole in the software that the vast majority of websites on the Internet use to turn your personal information into strings of random numbers and letters. If you see a padlock image in the address bar, there's a good chance that site is using the encryption software that was impacted by the Heartbleed bug.
"It's probably the worst bug the Internet has ever seen," said Matthew Prince, CEO of website-protecting service CloudFlare. "If a week from now we hear criminals spoofed a massive number of accounts at financial institutions, it won't surprise me."
I sent a petition notifying CCP about this to see if this is something that affects us as well. According to that same article, approximately 81% of websites around the world use server programs that are vulnerable to the Heartbleed Bug.
Quote: What can I do?
Log out of all websites: email, social media, banking -- everything. But beyond that, it's a waiting game. The websites themselves need to update to a new version of the encryption software to fix the bug. That's why changing all your passwords right away isn't a good idea. Websites are all racing to fix the issue, and if you act too quickly, you might change your password on a site that is still vulnerable.
Well for starters, you sign in on here via your PSN identity which operates on their own set of encryption and such. I'm too tired to post entirely coherently, but the gist is that it does not affect us, the users of this website. Although with other sites the best idea is to change your password. By now the majority of sites have updated to the newest version and you should be able to change your password without fear.
Dropships need a buff. This way they can stop derping everywhere . ;_;
>Tfw no Amarr dropship and laser turrets
|
Maken Tosch
DUST University Ivy League
7937
|
Posted - 2014.04.14 18:38:00 -
[3] - Quote
Kaminoikari wrote:
Maken Tosch wrote:
Source: http://money.cnn.com/2014/04/09/technology/security/heartbleed-bug/index.html
Quote: What is it?
It's called the Heartbleed bug, and it is essentially an information leak.
It starts with a hole in the software that the vast majority of websites on the Internet use to turn your personal information into strings of random numbers and letters. If you see a padlock image in the address bar, there's a good chance that site is using the encryption software that was impacted by the Heartbleed bug.
"It's probably the worst bug the Internet has ever seen," said Matthew Prince, CEO of website-protecting service CloudFlare. "If a week from now we hear criminals spoofed a massive number of accounts at financial institutions, it won't surprise me."
I sent a petition notifying CCP about this to see if this is something that affects us as well. According to that same article, approximately 81% of websites around the world use server programs that are vulnerable to the Heartbleed Bug.
Quote: What can I do?
Log out of all websites: email, social media, banking -- everything. But beyond that, it's a waiting game. The websites themselves need to update to a new version of the encryption software to fix the bug. That's why changing all your passwords right away isn't a good idea. Websites are all racing to fix the issue, and if you act too quickly, you might change your password on a site that is still vulnerable.
Well for starters, you sign in on here via your PSN identity which operates on their own set of encryption and such. I'm too tired to post entirely coherently, but the gist is that it does not affect us, the users of this website. Although with other sites the best idea is to change your password. By now the majority of sites have updated to the newest version and you should be able to change your password without fear.
Ok then. On the other hand, I still wonder what this means for Eve players and if CCP uses a separate encryption method that's not affected by this.
Dedicated Scout // Ninja Knifer
Everything I know about the Caldari I learned at Nouvelle Rouvenor
|
Kaminoikari
DROID EXILES General Tso's Alliance
64
|
Posted - 2014.04.14 18:43:00 -
[4] - Quote
I don't think CCP is as secure with their EvE forums. I don't play EvE or browse their place so I wouldn't know. If you do play EvE just change it to be sure.
Also: The reasoning behind my confidence at us PSN users not having to change our passwords is that we log in to the DUST forums via a secure (encrypted) connection to the Playstation server(s), which is in turn relayed back to this site. We don't use separate IDs from our PSN one.
Dropships need a buff. This way they can stop derping everywhere . ;_;
>Tfw no Amarr dropship and laser turrets
|
dent 308
Subdreddit Test Alliance Please Ignore
2755
|
Posted - 2014.04.14 18:48:00 -
[5] - Quote
Heartbleed is an exploit for a specific range of OpenSSL builds.
https://www.ssllabs.com/ssltest/analyze.html?d=forums.dust514.com&hideResults=on - not vulnerable.
https://www.ssllabs.com/ssltest/analyze.html?d=store.playstation.com&hideResults=on - not vulnerable.
https://www.ssllabs.com/ssltest/analyze.html?d=forums.eveonline.com&hideResults=on - not vulnerable.
Anything running OpenSSL, with admins who are not asleep, would have been updated days ago.
XKCD also posted an informative comic on the mechanics of it: http://xkcd.com/1354/
Victor Laszlo: ... If we stop breathing, we'll die. If we stop fighting our enemies, the world will die.
|
Maken Tosch
DUST University Ivy League
7938
|
Posted - 2014.04.14 18:51:00 -
[6] - Quote
Kaminoikari wrote:I don't think CCP is as secure with their EvE forums. I don't play EvE or browse their place so I wouldn't know. If you do play EvE just change it to be sure.
Also: The reasoning behind my confidence at us PSN users not having to change our passwords is that we log in to the DUST forums via a secure (encrypted) connection to the Playstation server(s), which is in turn relayed back to this site. We don't use separate IDs from our PSN one.
I do have a lot of confidence in CCP's security given the events that occurred during the past 4 years alone, including the DDoS attack that affected both Sony and CCP. As far as I know as an individual, CCP's servers haven't been compromised during its entire 11-year history. However, in light of this recent bug that affects a lot of websites around the world, I couldn't help but feel nervous even after all the **** that CCP had endured and countered with its servers.
Dedicated Scout // Ninja Knifer
Everything I know about the Caldari I learned at Nouvelle Rouvenor
|
Maken Tosch
DUST University Ivy League
7938
|
Posted - 2014.04.14 18:52:00 -
[7] - Quote
Thanks for the update. Hopefully this will put many players at ease.
Dedicated Scout // Ninja Knifer
Everything I know about the Caldari I learned at Nouvelle Rouvenor
|
THUNDERGROOVE
Fatal Absolution Dirt Nap Squad.
658
|
Posted - 2014.04.14 19:17:00 -
[8] - Quote
Kaminoikari wrote: Well for starters, you sign in on here via your PSN identity which operates on their own set of encryption and such. I'm too tired to post entirely coherently, but the gist is that it does not affect us, the users of this website.
You'd actually be very very wrong thinking this. The PSN sign-in uses a technology known as OAuth. OAuth allows a service, like the PSN, to allow websites like the DUST514 forums to log in by having an exchange of keys. The DUST514 forums really don't have to know anything about your PSN password.
This means that, at the time the affected versions of OpenSSL were in use, plaintext passwords/consumer keys/hashed passwords/email addresses or even some of Sony's private SSL keys could have been leaked. The only websites that wouldn't be affected would be some that don't use OpenSSL but use a different TLS implementation like GnuTLS or YaSSL, which are very unlikely to be used anyways.
tl;dr Change your passwords. Just do it. It can't hurt anything as long as you have half the brain to remember it.
Mmmm Scout ak.0
Projects: TDBS | SDETool
|