Posted (edited)

I'm not a big tech-head by any stretch, but this was all over the news last night. One reporter was saying to change your passwords on everything on the internet. Another was predicting the end of the world as we know it...well, not quite but they did say it was the largest reaching bug known to date.

 

You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company's site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL. 

 

Here in Canada, the federal government had to shut down their on-line tax processing website. Any banking sites etc. are all vulnerable. 

 

Interesting though...

 

 

http://heartbleed.com/

Edited by L3ftY.
Posted

Any server I have access to was fixed yesterday afternoon. I'm amazed it took so long for the media to start churning stories about it.

Posted (edited)

Tech-head reporting in!

 

Facts:

  • Over two thirds of all servers have probably been affected by this bug. There is no way to know for sure how many in total.
  • You should change EVERY single password you have for EVERY single service/social media platform/website/e-mail account that you have. Change. every. password. No exceptions.
  • Over two thirds of all the secure connections you've had in the past two years were probably at high risk without anyone knowing until two days ago.
  • If you have a website, a Virtual Private Server, or if you are running your own server that is based on Linux, any other *nix distribution or any distribution that uses SSL/TLS encryption, you should scan your server via http://filippo.io/Heartbleed/ to make sure you are safe. Update and upgrade your server's OS to the latest version, and do the same if you are using either a Mac OS X or a Linux-based computer.
  • Any data you've entered in the past two years should be considered as leaked because there is no way to be sure that you were safe.
  • Android secure connections have NOT been secure for over two years.
  • Any secure connection that was made from any mobile device to any *nix server has NOT been secure for over two years.
  • SSL certificates in your browser, indicating that you are on a secure connection might not have been secure.
  • If the fix for this bug is NOT applied to a server, computer, Android device or any other device that uses SSL/TLS, you are NOT secure, and most of the information you fill in on forms or send via apps, such as bank account info, internet banking information, private messages and credit card information, can be stolen very easily.

 

Important:

 

Before changing your password, check if the service, hosting- or e-mail provider, social media platform or webmaster has taken steps to fix this bug. If you don't trust the service, disable it until you do.

 

Strong passwords:

 

Anyone on the internet could have stolen any of your passwords over the past two years. I would recommend that you start using difficult and strong passwords all over the internet and use EVERY password ONLY ONCE.

 

How to create a strong password?

 

Method 1:

Go to www.strongpasswordgenerator.com and generate a password including punctuation with at least 12 characters. Pro: easy and fast. Con: you can't remember this password, so you have to write it down without context so it cannot be linked to the service you created it for.

 

Method 2:

Try and come up with at least three separate words that you can remember easily and that cannot be linked. Computers and humans have a very hard time guessing your password if you do it like this.

 

Example:    awesomefurrychocolateseahorsebaby

If a service requires you to have numbers, add them to the end.

If a service requires you to have a capital letter, use the first letter of one of the words.

If a service requires you to have punctuation, add them in between words.

Say it ten times and you won't forget it anymore. If you are a visual thinker, this password will be stuck in your head forever.

 

 

Stay safe and always check your (digital) six!

Edited by SuperSniperGuy
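An added example, not code from this post or from anyone else in the thread: a small C program that builds passphrases the way Method 2 describes (words joined together, first letter capitalised, punctuation between words, digits at the end) and works out how many bits of guessing work each method actually buys, which "very hard to guess" does not quantify. The eight-word list, the "42" suffix and the helper names are constructed for the demo; a real list should have thousands of words (the common diceware lists have 7776). The random index is drawn from /dev/urandom with rejection sampling so the choice is unbiased, and log2 is implemented inline so nothing beyond the C library is needed.

```c
/* Added example (not from the forum post): Method 2 passphrases plus the
 * entropy arithmetic behind them. Word list and suffix are constructed. */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample list; a real one needs thousands of entries. */
static const char *const SAMPLE_WORDS[] = {
    "awesome", "furry", "chocolate", "seahorse",
    "baby", "correct", "horse", "battery",
};
#define SAMPLE_COUNT (sizeof SAMPLE_WORDS / sizeof SAMPLE_WORDS[0])

/* log2(x) for x > 0 without libm: peel off the integer part, then extract
 * fractional bits by repeated squaring (accurate to ~1e-12). */
static double log2_of(double x)
{
    double r = 0.0;
    while (x >= 2.0) { x /= 2.0; r += 1.0; }
    while (x <  1.0) { x *= 2.0; r -= 1.0; }
    for (double bit = 0.5; bit > 1e-13; bit /= 2.0) {
        x *= x;
        if (x >= 2.0) { x /= 2.0; r += bit; }
    }
    return r;
}

/* Bits of entropy for n_words drawn uniformly from a list of list_size words. */
double passphrase_bits(size_t list_size, size_t n_words)
{
    return (double)n_words * log2_of((double)list_size);
}

/* Bits of entropy for len characters drawn uniformly from alphabet_size
 * symbols (Method 1: 12 characters from the 95 printable ASCII symbols). */
double random_chars_bits(size_t alphabet_size, size_t len)
{
    return (double)len * log2_of((double)alphabet_size);
}

/* Assemble a passphrase from word indices, applying the post's service rules:
 * sep (0 for none) goes between words, capitalize uppercases the first letter,
 * suffix (e.g. digits) is appended. Returns out, or NULL if an index is out of
 * range or the result does not fit. */
char *build_passphrase(const char *const *words, size_t n_available,
                       const size_t *idx, size_t n_words, char sep,
                       int capitalize, const char *suffix,
                       char *out, size_t outlen)
{
    size_t used = 0;
    for (size_t i = 0; i < n_words; i++) {
        if (idx[i] >= n_available) return NULL;
        const char *w = words[idx[i]];
        size_t need = strlen(w) + ((i && sep) ? 1 : 0);
        if (used + need + 1 > outlen) return NULL;
        if (i && sep) out[used++] = sep;
        memcpy(out + used, w, strlen(w));
        used += strlen(w);
    }
    if (suffix) {
        if (used + strlen(suffix) + 1 > outlen) return NULL;
        memcpy(out + used, suffix, strlen(suffix));
        used += strlen(suffix);
    }
    out[used] = '\0';
    if (capitalize && out[0] >= 'a' && out[0] <= 'z') out[0] -= 'a' - 'A';
    return out;
}

/* Deterministic helper (constructed for the demo): uses the first n_words of
 * SAMPLE_WORDS in order, so the effect of the rules can be seen without
 * randomness. Returns NULL if the list is too short. */
const char *sample_passphrase(size_t n_words, char sep, int capitalize,
                              const char *suffix)
{
    static char buf[128];
    size_t idx[16];
    if (n_words > 16) return NULL;
    for (size_t i = 0; i < n_words; i++) idx[i] = i;
    return build_passphrase(SAMPLE_WORDS, SAMPLE_COUNT, idx, n_words, sep,
                            capitalize, suffix, buf, sizeof buf);
}

/* Uniform index in [0, n) from /dev/urandom. Values above the largest
 * multiple of n are rejected so n not dividing 2^32 causes no bias. */
long random_index(size_t n)
{
    if (n == 0) return -1;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    uint64_t limit = (1ULL << 32) - ((1ULL << 32) % n);
    long result = -1;
    uint32_t r;
    while (read(fd, &r, sizeof r) == sizeof r) {
        if (r < limit) { result = (long)(r % n); break; }
    }
    close(fd);
    return result;
}

int main(void)
{
    size_t idx[4];
    char buf[128];
    for (size_t i = 0; i < 4; i++) {
        long r = random_index(SAMPLE_COUNT);
        if (r < 0) return 1;
        idx[i] = (size_t)r;
    }
    printf("%s\n", build_passphrase(SAMPLE_WORDS, SAMPLE_COUNT, idx, 4,
                                    '-', 1, "42", buf, sizeof buf));
    printf("4 words from %zu: %.1f bits; 4 from 7776: %.1f bits; "
           "12 random chars: %.1f bits\n", SAMPLE_COUNT,
           passphrase_bits(SAMPLE_COUNT, 4), passphrase_bits(7776, 4),
           random_chars_bits(95, 12));
    return 0;
}
```

Three words from a 7776-word list come to about 38.8 bits, five words (the length of the post's example) about 64.6 bits, and Method 1's 12 random printable characters about 78.8 bits. It is the number of words and the size of the list that decide how hard the passphrase is to guess, not its length in characters, and choosing the words yourself rather than drawing them at random costs entropy that the arithmetic above does not account for.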
Posted

This should actually become some kind of sticky post for people on the forums IMHO. Most of them wouldn't know what's happening at the moment.

Posted

Even if the hosting party has not applied the fix yet, changing the password is a good idea, as common knowledge tells you to change it periodically. Just in case the culprit decides to take over accounts tomorrow, he can't because of the renewed password. As I understood it from the interwebs.

 

The only thing I don't understand is whether authentication with an ID card via a smart card reader is affected also or not. I've got a feeling it is, but oh well, I have used it for the past 2 years, what can happen now ;) jinxed it...

Posted

correcthorsebatterystaple gets my vote

 

(spent all day updating servers wed)

Posted

So what's a decent site for checking the security of a frequent site? I want to name my wifi awesomefurrychocolateseahorsebaby lmao....

Posted

@Tulsa, I read of the same site mentioned above.

 

Ironically, FA-site is "refusing connection" or the wrong port is assumed, or...

 

http://filippo.io/Heartbleed/#fearless-assassins.com  

(I tried various inputs, http, www, or naked like this)

Uh-oh, something went wrong: dial tcp 144.76.100.131:443: connection refused 
Check what it means at the FAQ.
It might mean that the server is safe, we just can't be 100% sure!
You can specify a port like this example.com:4433. 443 by default.

The US bank, Wells Fargo, is reported as ok:

 

http://filippo.io/Heartbleed/#wellsfargo.com

All good, wellsfargo.com seems fixed or unaffected!
You can specify a port like this example.com:4433. 443 by default.

Posted

 

If the server refuses the connection, it means that it has SSL disabled, which is either ok or really bad. It's pretty bad when you send your passwords as plain text to a server, so people can actually get your password by sniffing your network connections or any other sneaky method.

Posted

I heard something about that but I was on my way to work, so I didn't get to hear a lot. But with technology nowadays it doesn't surprise me that hackers have found a way around typical security measures. It's sad that some people only spend their days trying to ruin someone else's life. Whoever discovered this bug/glitch needs to get a real job.

Posted

I ... I don't even know where to begin responding to your comment, SgtAssault.

So I'm just going to reply to the easiest bit, and hope someone else has enough time to explain it to you.

 

whoever discovered this bug/glitch needs to get a real job.

... pen-testing software /is/ a real job, with a real salary.

Posted

Hi,

 

My understanding is that only OpenSSL is affected. Since we do not use it where I work, our web services have not been shut down for a fix.

 

Gengis

Posted

Just went to check out Twitter but it said something like it's down because of that bug, so I couldn't access my account to change the password.

  • 2 weeks later...
Posted

heartbleed_explanation.png

 

For those looking for an explanation.

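For anyone who wants the explanation in code rather than in a picture, here is an added example (mine, not code from the thread, from OpenSSL or from the filippo.io checker) that re-creates the CVE-2014-0160 logic in a self-contained C heartbeat handler: the peer states how long its heartbeat payload is, the pre-fix code believes that number and memcpy()s that many bytes back, and the check added in OpenSSL 1.0.1g discards any request whose claimed length does not fit inside the record actually received. The buffer layout, the "secret" placed right after the request and the function names are constructed for the demo; the over-read is deliberately kept inside the demo's own array so the program itself stays well-defined.

```c
/* Added example (not from the thread, OpenSSL or filippo.io): a minimal
 * re-creation of the Heartbleed (CVE-2014-0160) heartbeat handler, with the
 * vulnerable path (check_bounds == 0) beside the bounds-checked fix. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS1_HB_REQUEST  1
#define TLS1_HB_RESPONSE 2
#define HB_PADDING       16      /* a heartbeat message ends with >= 16 bytes of padding */

/* What the handler knows about the incoming record: where its bytes are and
 * how many of them were really received. */
struct record {
    const uint8_t *data;
    size_t length;
};

/* Build a heartbeat response for the request in rec. Returns the response
 * length, or -1 if the request is discarded. */
static int handle_heartbeat(const struct record *rec, int check_bounds,
                            uint8_t *out, size_t outlen)
{
    const uint8_t *p = rec->data;

    if (check_bounds && rec->length < 1 + 2 + HB_PADDING)
        return -1;                                    /* cannot even hold a header */

    uint8_t hbtype = *p++;                            /* message type */
    uint16_t payload = (uint16_t)((p[0] << 8) | p[1]); /* length claimed by the peer */
    p += 2;

    /* The fix: type + length field + claimed payload + padding must fit inside
     * what was actually received. Without it 'payload' is trusted blindly. */
    if (check_bounds && 1 + 2 + (size_t)payload + HB_PADDING > rec->length)
        return -1;

    if (hbtype != TLS1_HB_REQUEST)
        return -1;
    if (1 + 2 + (size_t)payload + HB_PADDING > outlen)
        return -1;                                    /* response buffer too small */

    uint8_t *bp = out;
    *bp++ = TLS1_HB_RESPONSE;
    *bp++ = (uint8_t)(payload >> 8);
    *bp++ = (uint8_t)payload;
    /* With check_bounds == 0 this copies 'payload' bytes starting at p, which
     * runs past the end of the record whenever the peer lied about the length. */
    memcpy(bp, p, payload);
    bp += payload;
    memset(bp, 0, HB_PADDING);                        /* real OpenSSL uses random padding */
    return (int)(bp - out) + HB_PADDING;
}

/* Constructed data that sits in memory right after the request and must never
 * reach the peer. */
static const char g_secret[] = "session=ABC123; password=hunter2";

/* Run one 20-byte request that claims a 64-byte payload through the handler.
 * Returns 1 if g_secret came back in the response, 0 if the response was
 * clean, -1 if the request was discarded. */
int secret_leaks(int check_bounds)
{
    uint8_t memory[128] = {0};                        /* stand-in for process memory */
    uint8_t resp[256];

    memory[0] = TLS1_HB_REQUEST;
    memory[1] = 0x00;
    memory[2] = 0x40;                                 /* claims 64 bytes of payload */
    memory[3] = 'X';                                  /* the single byte really sent */
    /* bytes 4..19 are the padding; the secret sits right after the record */
    memcpy(memory + 20, g_secret, sizeof g_secret);

    struct record rec = { memory, 1 + 2 + 1 + HB_PADDING };   /* 20 bytes received */
    int n = handle_heartbeat(&rec, check_bounds, resp, sizeof resp);
    if (n < 0)
        return -1;

    size_t slen = strlen(g_secret);
    for (size_t i = 0; i + slen <= (size_t)n; i++)
        if (memcmp(resp + i, g_secret, slen) == 0)
            return 1;
    return 0;
}

int main(void)
{
    printf("vulnerable handler: %s\n",
           secret_leaks(0) == 1 ? "secret leaked in the response" : "no leak");
    printf("fixed handler:      %s\n",
           secret_leaks(1) == -1 ? "request discarded" : "request answered");
    return 0;
}
```

Running it shows the vulnerable handler echoing the secret back and the fixed one discarding the request. Because the response to an oversized heartbeat is visible from outside, an unpatched server could be identified by anyone who asked it, which is what the checker linked above does; a refused connection on port 443, on the other hand, means no TLS service answered at all, so it says nothing either way about the OpenSSL version behind it.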