Quantcast

Jump to content


Photo

Heartbleed bug patched


  • This topic is locked This topic is locked
10 replies to this topic

#1 Hydrogen

Hydrogen
  • Neocodex Co-Founder

  • 22213 posts


Users Awards

Posted 09 April 2014 - 09:26 PM

Earlier this week, a serious vulnerability in a popular security toolkit, OpenSSL, was discovered. This vulnerability allows an attacker to steal encrypted information, including the private keys that allow a website to verify its identity. You can learn more about the heartbleed bug on http://www.heartbleed.com.

This news post is to inform you that we have updated our version of OpenSSL so that we are protected from attacks. However, because this bug is so serious, there is no guarentee that we haven't already been attacked.

Our best advice is for you to change your password as soon as you can. You can change your password by clicking this link.

Please let us know if you have any questions and we'll do our best to answer them for you :).



#2 Peaches

Peaches
  • 497 posts


Users Awards

Posted 09 April 2014 - 09:35 PM

Thanks for this!

 

I just heard on the news that this vulnerability has been around for three years.



#3 Sunak0

Sunak0
  • 64 posts


Users Awards

Posted 09 April 2014 - 09:52 PM

Thank you so much for the information and a very fast reaction/solution.

 

Now, I just need a password I'll remember.. hmmmm.



#4 MC10

MC10
  • 353 posts


Users Awards

Posted 09 April 2014 - 09:52 PM

Good idea, I was just changing passwords for other sites.



#5 Mirailecious

Mirailecious
  • 15 posts

Posted 19 April 2014 - 11:48 AM

Does that mean I have to change all my passwords again? >_<



#6 Scot

Scot
  • ≡^ᴥ^≡

  • 3935 posts


Users Awards

Posted 19 April 2014 - 11:52 AM

The bug has been known to attack adjacent browser tabs so even after you change your password, remember to browse unpatched sites while keeping a buffer tab(can be blank) in-between to insulate yourself.



#7 Hydrogen

Hydrogen
  • Neocodex Co-Founder

  • 22213 posts


Users Awards

Posted 19 April 2014 - 02:04 PM

The bug has been known to attack adjacent browser tabs so even after you change your password, remember to browse unpatched sites while keeping a buffer tab(can be blank) in-between to insulate yourself.

Is that actually true? Wouldn't that mean there is a vulnerability in the browser itself leaking information across tabs? The heartbleed vulnerability itself has to do with the heartbeat extension to the SSL spec which doesn't necessitate a browser at all...

Can you give me a source where you read this? I'm interested in knowing how it works.



#8 MC10

MC10
  • 353 posts


Users Awards

Posted 19 April 2014 - 02:32 PM

I'm with Hydrogen. I thought people were able to target websites, not browsers.



#9 Scot

Scot
  • ≡^ᴥ^≡

  • 3935 posts


Users Awards

Posted 19 April 2014 - 09:57 PM

Ok I made it up so people would start browsing with blank buffer tabs



#10 MC10

MC10
  • 353 posts


Users Awards

Posted 19 April 2014 - 10:14 PM

Ok I made it up so people would start browsing with blank buffer tabs

Oh you... :p

 

It may have convinced a few people who didn't know much about it.



#11 isabelgillies

isabelgillies
  • 12 posts

Posted 04 May 2014 - 06:36 AM

Super helpful, thanks!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users