Jump to content
Debaser

PLEASE READ: Heartbleed SSL Exploit

Recommended Posts

So, I'm not sure if everyone here is aware, there is a security flaw dealing with websites using SSL encryption. Basically, websites such as Google, Facebook, Twitter, your bank's website, they all use SSL encyption. Open SSL is used by tons of websites, and there has been a security flaw discovered that has been exploited for about two years. It was just discovered a few days ago. Many websites have begun patching this exploit, but not everyone has, yet.

 

CNET has been doing a good job of keeping up with the websites that have been patched. You can find a list here:

 

http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/

 

This exploit works by scraping the RAM memory on the servers. What this means is: Do NOT change your passwords until the exploit has been patched by that specific website. You can see on the list from CNET that many have already patched. You are safe to change your passwords there.

 

The problem with changing your password before the patch has been implemented is, that information is still stored in the RAM on the server, so that memory can still be compromised. So wait to change your password until you hear that it is patched.

 

Most, if not all compromised websites should be patched by the end of the weekend.

 

This does not affect our website, as we do not use SSL.

 

Here's a link that'll give you some more information about it:

 

http://www.cnet.com/news/heartbleed-bug-undoes-web-encryption-reveals-user-passwords/

Share this post


Link to post
Share on other sites

So, I'm not sure if everyone here is aware, there is a security flaw dealing with websites using SSL encryption. Basically, websites such as Google, Facebook, Twitter, your bank's website, they all use SSL encyption. Open SSL is used by tons of websites, and there has been a security flaw discovered that has been exploited for about two years. It was just discovered a few days ago. Many websites have begun patching this exploit, but not everyone has, yet.

 

CNET has been doing a good job of keeping up with the websites that have been patched. You can find a list here:

 

http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/

 

This exploit works by scraping the RAM memory on the servers. What this means is: Do NOT change your passwords until the exploit has been patched by that specific website. You can see on the list from CNET that many have already patched. You are safe to change your passwords there.

 

The problem with changing your password before the patch has been implemented is, that information is still stored in the RAM on the server, so that memory can still be compromised. So wait to change your password until you hear that it is patched.

 

Most, if not all compromised websites should be patched by the end of the weekend.

 

This does not affect our website, as we do not use SSL.

 

Here's a link that'll give you some more information about it:

 

http://www.cnet.com/news/heartbleed-bug-undoes-web-encryption-reveals-user-passwords/

 

Phew. I'd hate for someone to hack my login and post terrible things as me, like how awesome Reimer is, how other teams get shutouts or other stupid bullshit.

 

Thanks for the update Debase!

Edited by tbnl

Share this post


Link to post
Share on other sites

Anyone know what Canadian banks have been fixed/if they were even vulnerable? I don't want to change my password if it hasn't been fixed yet. Not like there's any money in there anyways.... if someone wants to hack in and pay off my student debt, I'll happily leave my password the same  ^_^

Share this post


Link to post
Share on other sites

Anyone know what Canadian banks have been fixed/if they were even vulnerable? I don't want to change my password if it hasn't been fixed yet. Not like there's any money in there anyways.... if someone wants to hack in and pay off my student debt, I'll happily leave my password the same ^_^

Sorry no idea

@@Debaser netflix is telling me I SHOULD change my password for this... sup with that?

I'd say that means they've probably patched it already, in which case you're good change password. Many websites have already patched. They might be on the list I posted in the op. I can't check right now, though

Sent from my SAMSUNG-SGH-I337 using Tapatalk

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×