frogact Posted April 8, 2014 Share Posted April 8, 2014 Do Tif users or rs players need to be concerned about this? I have no idea what OpenSSL is, but I already changed all of my vendor acct passwords. http://www.us-cert.gov/ncas/alerts/TA14-098A jfroggy Link to comment Share on other sites More sharing options...
D. V. Devnull Posted April 8, 2014 Share Posted April 8, 2014 We may need to be, seeing as websites would be running that item, particularly as a mod on their server software. I've already discovered a Non-RS-related issue elsewhere that I'm going to have to get resolved. <_< Thanks for the heads-up! :thumbsup: ~D. V. "Damnit, this issue would happen..." Devnull and normally with a cool mind.(Warning: This user can be VERY confusing to some people... And talks in 3rd person for the timebeing due to how insane they are... Sometimes even to themself.) Link to comment Share on other sites More sharing options...
Sbrideau Posted April 9, 2014 Share Posted April 9, 2014 There are no need to worry about it and Rs, as it's not the same SSL that they use, and not even the same versions. Also this is an old issue that has already been fixed by a lot of vendors. 1 Link to comment Share on other sites More sharing options...
tripsis Posted April 10, 2014 Share Posted April 10, 2014 You don't need to worry about it on Tip.It. - 99 fletching | 99 thieving | 99 construction | 99 herblore | 99 smithing | 99 woodcutting - - 99 runecrafting - 99 prayer - 125 combat - 95 farming - - Blog - DeviantART - Book Reviews & Blog Link to comment Share on other sites More sharing options...
obfuscator Posted April 12, 2014 Share Posted April 12, 2014 There are no need to worry about it and Rs, as it's not the same SSL that they use, and not even the same versions. Also this is an old issue that has already been fixed by a lot of vendors. This is not an "old" issue, servers were vulnerable up until a few days ago.... You don't need to worry about it on Tip.It.Is tip.it not running openssl? "It's not a rest for me, it's a rest for the weights." - Dom Mazzetti Link to comment Share on other sites More sharing options...
Sbrideau Posted April 12, 2014 Share Posted April 12, 2014 Yeah I was thinking about another OpenSSL vulnerability that came out a few weeks ago. Link to comment Share on other sites More sharing options...
tripsis Posted April 14, 2014 Share Posted April 14, 2014 You don't need to worry about it on Tip.It.Is tip.it not running openssl? I just meant that we've patched it on our server. - 99 fletching | 99 thieving | 99 construction | 99 herblore | 99 smithing | 99 woodcutting - - 99 runecrafting - 99 prayer - 125 combat - 95 farming - - Blog - DeviantART - Book Reviews & Blog Link to comment Share on other sites More sharing options...
Estonian dude Posted April 15, 2014 Share Posted April 15, 2014 Shouldn't we change our passwords in case the site has already been compromised? So I've noticed this thread's regulars all follow similar trends. RPG is constantly dealing with psycho exes.Muggi reminds us of the joys of polygamy.Saq is totally oblivious to how much chicks dig him.I strike out every other week.Kalphite wages a war against the friend zone.Randox pretty much stays rational.Etc, etc Link to comment Share on other sites More sharing options...
sees_all1 Posted April 15, 2014 Share Posted April 15, 2014 Shouldn't we change our passwords in case the site has already been compromised?Why would you be worried, they'll post as you? There's probably three dozen accounts I have that I'd worry about before I'd worry about TIF. And I'll be waiting another month or so before I start doing anything about it.XKCD does a good job explaining what heartbleed is, and why you should care about it.http://xkcd.com/1354/ The data accessed is only in the heap - your accounts specifically are only at risk if you were logging in while someone was abusing the bug. More troubling (and why it might not matter if you change your account information right now) is that someone abusing heartbleed could have access to the server's private key. Basically, if they were able to get the private key, any and all communications to the server could be monitored and decrypted.It's until services effected with heartbleed patch OpenSSL and generate new keypairs that they'll be "safe." So your best bet is to change account passwords now, a month from now, and again in the future. Also fundamentals for account safety are a must - a longer password is better, and do not reuse passwords (especially now). 99 dungeoneering achieved, thanks to everyone that celebrated with me! ♪♪ Don't interrupt me as I struggle to complete this thoughtHave some respect for someone more forgetful than yourself ♪♪♪♪ And I'm not doneAnd I won't be till my head falls off ♪♪ Link to comment Share on other sites More sharing options...
obfuscator Posted April 18, 2014 Share Posted April 18, 2014 Technically one might be able to get database credentials using the bug...in which case everything would be compromised. However I doubt that happened here... "It's not a rest for me, it's a rest for the weights." - Dom Mazzetti Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now