Heartbleed bug

Briansol

Admins
Admin
VIP
You probably have heard about it by now.
If not, read: http://techcrunch.com/2014/04/07/ma...sl-could-effect-a-huge-chunk-of-the-internet/

In case you are wondering, HS server was patched within a few hours of it becoming public knowledge.

Code:
 [~]# yum list installed | grep -i openssl
cpanel-perl-514-Crypt-OpenSSL-Bignum.x86_64  0.04-1.cp1136  installed
cpanel-perl-514-Crypt-OpenSSL-DSA.x86_64  0.13-1.cp1136  installed
cpanel-perl-514-Crypt-OpenSSL-RSA.x86_64  0.28-1.cp1136  installed
cpanel-perl-514-Crypt-OpenSSL-Random.x86_64  0.04-1.cp1136  installed
openssl.x86_64  1.0.1e-16.el6_5.7  @updates
openssl-devel.x86_64  1.0.1e-16.el6_5.7  @updates
We have no reason to believe anything was compromised or even attempted.. We don't even use SSL, as we don't do any transactions other than logging in to the forum but our sever is equipped with the openSSL software.

You should NEVER use a password on a forum/etc that is non-ssl on other sites that are, such as your bank, especially if you use group unsecured wifi (ie, at a coffee shop or even your work's wifi lan).

Consider your own surroundings and be smart. Never submit a password for something you care about on open wifi.
 

SlushboxTeggy

It's only stupid if it doesn't work
VIP
My password here is different from any other. I have been lucky enough to have 2 different emails hacked a total of 3 times in the past 2 months. Changed my passwords, all seems to be well.
 

newb

phresh
VIP
K, so the forums Im on all have different pass words, I only check my bank account from my home network, and I havent made any online purchases in the last 2 weeks. Thinkin Im most likely in the clear?
 

reikoshea

HS Troll...And Mod
Moderator
VIP
USAA Bank was vulnerable to heartbleed, and this bug is pretty bad no matter what network you're on. Basically, if you're not positive the site in question was using something other than openssl (and a lot have come forward), you should change that password on that site and every site you use it on.
 

reikoshea

HS Troll...And Mod
Moderator
VIP
screenshot? cause i've never seen this. at work we actually have a heartbleed demo box setup to check all of our machines....and we have the second largest public compute deployment in the world.....
 

TurboMirage

YEEAAAHHH
VIP
you know, that little lock button that appears when you are on a secure site? if you click it you can see the SSL info.
 

reikoshea

HS Troll...And Mod
Moderator
VIP
no shit man, but where is it in chrome for example. cant seem to find anything that says 'OpenSSL' or 'Microsoft Proprietary' or anything like that.
 

newb

phresh
VIP
Im using chrome on my phone and it appears in the address bar to the far left.

EDIT: Not sure if thats what you meant, but Ill leave it there lol.
 
Top