1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Heartbleed bug

Discussion in 'Site News, Updates, etc' started by Briansol, Apr 17, 2014.

  1. Briansol

    Briansol Admins Admin VIP

    Messages:
    21,448
    Likes Received:
    2,110
    Joined:
    Nov 18, 2007
    Location:
    CT
    You probably have heard about it by now.
    If not, read: http://techcrunch.com/2014/04/07/ma...sl-could-effect-a-huge-chunk-of-the-internet/

    In case you are wondering, HS server was patched within a few hours of it becoming public knowledge.

    Code:
     [~]# yum list installed | grep -i openssl
    cpanel-perl-514-Crypt-OpenSSL-Bignum.x86_64  0.04-1.cp1136  installed
    cpanel-perl-514-Crypt-OpenSSL-DSA.x86_64  0.13-1.cp1136  installed
    cpanel-perl-514-Crypt-OpenSSL-RSA.x86_64  0.28-1.cp1136  installed
    cpanel-perl-514-Crypt-OpenSSL-Random.x86_64  0.04-1.cp1136  installed
    openssl.x86_64  1.0.1e-16.el6_5.7  @updates
    openssl-devel.x86_64  1.0.1e-16.el6_5.7  @updates
    
    We have no reason to believe anything was compromised or even attempted.. We don't even use SSL, as we don't do any transactions other than logging in to the forum but our sever is equipped with the openSSL software.

    You should NEVER use a password on a forum/etc that is non-ssl on other sites that are, such as your bank, especially if you use group unsecured wifi (ie, at a coffee shop or even your work's wifi lan).

    Consider your own surroundings and be smart. Never submit a password for something you care about on open wifi.
     
    |Chaz| and TurboMirage like this.
  2. phunky.buddha

    phunky.buddha Admin with a big stick Admin VIP

    Messages:
    28,465
    Likes Received:
    228
    Joined:
    Sep 30, 2002
    Location:
    Dallas / Fort Worth, TX
    Oh well, my password here is unique. No worries.
     
  3. SlushboxTeggy

    SlushboxTeggy It's only stupid if it doesn't work VIP

    Messages:
    9,392
    Likes Received:
    245
    Joined:
    Sep 14, 2004
    Location:
    New Jersey
    My password here is different from any other. I have been lucky enough to have 2 different emails hacked a total of 3 times in the past 2 months. Changed my passwords, all seems to be well.
     
  4. newb

    newb phresh VIP

    Messages:
    3,967
    Likes Received:
    179
    Joined:
    Sep 17, 2007
    Location:
    Backwoods Northwest
    K, so the forums Im on all have different pass words, I only check my bank account from my home network, and I havent made any online purchases in the last 2 weeks. Thinkin Im most likely in the clear?
     
  5. reikoshea

    reikoshea HS Troll...And Mod Moderator VIP

    Messages:
    12,633
    Likes Received:
    193
    Joined:
    Apr 27, 2005
    Location:
    San Antonio, TX
    USAA Bank was vulnerable to heartbleed, and this bug is pretty bad no matter what network you're on. Basically, if you're not positive the site in question was using something other than openssl (and a lot have come forward), you should change that password on that site and every site you use it on.
     
  6. newb

    newb phresh VIP

    Messages:
    3,967
    Likes Received:
    179
    Joined:
    Sep 17, 2007
    Location:
    Backwoods Northwest
    Gotcha. Whats the easiest way to tell if they use openssl?
     
  7. TurboMirage

    TurboMirage YEEAAAHHH VIP

    Messages:
    24,577
    Likes Received:
    696
    Joined:
    May 20, 2003
    Location:
    Central, MA
    check the SSL association in the browser bar.
     
  8. reikoshea

    reikoshea HS Troll...And Mod Moderator VIP

    Messages:
    12,633
    Likes Received:
    193
    Joined:
    Apr 27, 2005
    Location:
    San Antonio, TX
    screenshot? cause i've never seen this. at work we actually have a heartbleed demo box setup to check all of our machines....and we have the second largest public compute deployment in the world.....
     
  9. TurboMirage

    TurboMirage YEEAAAHHH VIP

    Messages:
    24,577
    Likes Received:
    696
    Joined:
    May 20, 2003
    Location:
    Central, MA
    you know, that little lock button that appears when you are on a secure site? if you click it you can see the SSL info.
     
  10. reikoshea

    reikoshea HS Troll...And Mod Moderator VIP

    Messages:
    12,633
    Likes Received:
    193
    Joined:
    Apr 27, 2005
    Location:
    San Antonio, TX
    no shit man, but where is it in chrome for example. cant seem to find anything that says 'OpenSSL' or 'Microsoft Proprietary' or anything like that.
     
  11. newb

    newb phresh VIP

    Messages:
    3,967
    Likes Received:
    179
    Joined:
    Sep 17, 2007
    Location:
    Backwoods Northwest
    Im using chrome on my phone and it appears in the address bar to the far left.

    EDIT: Not sure if thats what you meant, but Ill leave it there lol.
     
  12. Briansol

    Briansol Admins Admin VIP

    Messages:
    21,448
    Likes Received:
    2,110
    Joined:
    Nov 18, 2007
    Location:
    CT
    newb likes this.
  13. newb

    newb phresh VIP

    Messages:
    3,967
    Likes Received:
    179
    Joined:
    Sep 17, 2007
    Location:
    Backwoods Northwest
    Thats pretty cool lol. Thanks
     

Share This Page