Skip to content
View in the app

A better way to browse. Learn more.

Tip.It Forum

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

OpenSSL 'heartbleed' vulnerability

Featured Replies

We may need to be, seeing as websites would be running that item, particularly as a mod on their server software.  I've already discovered a Non-RS-related issue elsewhere that I'm going to have to get resolved. <_<

 

Thanks for the heads-up! :thumbsup:

 

~D. V. "Damnit, this issue would happen..." Devnull

tifuserbar-dsavi_x4.jpg and normally with a cool mind.

(Warning: This user can be VERY confusing to some people... And talks in 3rd person for the timebeing due to how insane they are... Sometimes even to themself.)

There are no need to worry about it and Rs, as it's not the same SSL that they use, and not even the same versions.

 

Also this is an old issue that has already been fixed by a lot of vendors.

There are no need to worry about it and Rs, as it's not the same SSL that they use, and not even the same versions.

 

Also this is an old issue that has already been fixed by a lot of vendors.

 

 

This is not an "old" issue, servers were vulnerable up until a few days ago....

 

You don't need to worry about it on Tip.It.

Is tip.it not running openssl?

polvCwJ.gif
"It's not a rest for me, it's a rest for the weights." - Dom Mazzetti

Yeah I was thinking about another OpenSSL vulnerability that came out a few weeks ago.

 

You don't need to worry about it on Tip.It.

Is tip.it not running openssl?

 

I just meant that we've patched it on our server.

Posted Image

 

- 99 fletching | 99 thieving | 99 construction | 99 herblore | 99 smithing | 99 woodcutting -

- 99 runecrafting - 99 prayer - 125 combat - 95 farming -

- Blog - DeviantART - Book Reviews & Blog

Shouldn't we change our passwords in case the site has already been compromised?

t3aGt.png

 

So I've noticed this thread's regulars all follow similar trends.

 

RPG is constantly dealing with psycho exes.

Muggi reminds us of the joys of polygamy.

Saq is totally oblivious to how much chicks dig him.

I strike out every other week.

Kalphite wages a war against the friend zone.

Randox pretty much stays rational.

Etc, etc

 

Shouldn't we change our passwords in case the site has already been compromised?

Why would you be worried, they'll post as you?

 

There's probably three dozen accounts I have that I'd worry about before I'd worry about TIF. And I'll be waiting another month or so before I start doing anything about it.

XKCD does a good job explaining what heartbleed is, and why you should care about it.

http://xkcd.com/1354/

 

The data accessed is only in the heap - your accounts specifically are only at risk if you were logging in while someone was abusing the bug.

 

More troubling (and why it might not matter if you change your account information right now) is that someone abusing heartbleed could have access to the server's private key. Basically, if they were able to get the private key, any and all communications to the server could be monitored and decrypted.

It's until services effected with heartbleed patch OpenSSL and generate new keypairs that they'll be "safe."

 

So your best bet is to change account passwords now, a month from now, and again in the future. Also fundamentals for account safety are a must - a longer password is better, and do not reuse passwords (especially now).

99 dungeoneering achieved, thanks to everyone that celebrated with me!

 

♪♪ Don't interrupt me as I struggle to complete this thought
Have some respect for someone more forgetful than yourself ♪♪

♪♪ And I'm not done
And I won't be till my head falls off ♪♪

Technically one might be able to get database credentials using the bug...in which case everything would be compromised. However I doubt that happened here...

polvCwJ.gif
"It's not a rest for me, it's a rest for the weights." - Dom Mazzetti

Create an account or sign in to comment

Important Information

By using this site, you agree to our Terms of Use.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.