Jump to content
Sign in to follow this  
frogact

OpenSSL 'heartbleed' vulnerability

Recommended Posts

We may need to be, seeing as websites would be running that item, particularly as a mod on their server software.  I've already discovered a Non-RS-related issue elsewhere that I'm going to have to get resolved. <_<

 

Thanks for the heads-up! :thumbsup:

 

~D. V. "Damnit, this issue would happen..." Devnull


tifuserbar-dsavi_x4.jpg and normally with a cool mind.

(Warning: This user can be VERY confusing to some people... And talks in 3rd person for the timebeing due to how insane they are... Sometimes even to themself.)

Share this post


Link to post
Share on other sites

There are no need to worry about it and Rs, as it's not the same SSL that they use, and not even the same versions.

 

Also this is an old issue that has already been fixed by a lot of vendors.

  • Like 1

Share this post


Link to post
Share on other sites

You don't need to worry about it on Tip.It.


Posted Image

 

- 99 fletching | 99 thieving | 99 construction | 99 herblore | 99 smithing | 99 woodcutting -

- 99 runecrafting - 99 prayer - 125 combat - 95 farming -

- Blog - DeviantART - Book Reviews & Blog

Share this post


Link to post
Share on other sites

There are no need to worry about it and Rs, as it's not the same SSL that they use, and not even the same versions.

 

Also this is an old issue that has already been fixed by a lot of vendors.

 

 

This is not an "old" issue, servers were vulnerable up until a few days ago....

 

You don't need to worry about it on Tip.It.

Is tip.it not running openssl?

polvCwJ.gif
"It's not a rest for me, it's a rest for the weights." - Dom Mazzetti

Share this post


Link to post
Share on other sites

Yeah I was thinking about another OpenSSL vulnerability that came out a few weeks ago.

Share this post


Link to post
Share on other sites

 

You don't need to worry about it on Tip.It.

Is tip.it not running openssl?

 

I just meant that we've patched it on our server.


Posted Image

 

- 99 fletching | 99 thieving | 99 construction | 99 herblore | 99 smithing | 99 woodcutting -

- 99 runecrafting - 99 prayer - 125 combat - 95 farming -

- Blog - DeviantART - Book Reviews & Blog

Share this post


Link to post
Share on other sites

Shouldn't we change our passwords in case the site has already been compromised?


t3aGt.png

 

So I've noticed this thread's regulars all follow similar trends.

 

RPG is constantly dealing with psycho exes.

Muggi reminds us of the joys of polygamy.

Saq is totally oblivious to how much chicks dig him.

I strike out every other week.

Kalphite wages a war against the friend zone.

Randox pretty much stays rational.

Etc, etc

 

Share this post


Link to post
Share on other sites

Shouldn't we change our passwords in case the site has already been compromised?

Why would you be worried, they'll post as you?

 

There's probably three dozen accounts I have that I'd worry about before I'd worry about TIF. And I'll be waiting another month or so before I start doing anything about it.

XKCD does a good job explaining what heartbleed is, and why you should care about it.

http://xkcd.com/1354/

 

The data accessed is only in the heap - your accounts specifically are only at risk if you were logging in while someone was abusing the bug.

 

More troubling (and why it might not matter if you change your account information right now) is that someone abusing heartbleed could have access to the server's private key. Basically, if they were able to get the private key, any and all communications to the server could be monitored and decrypted.

It's until services effected with heartbleed patch OpenSSL and generate new keypairs that they'll be "safe."

 

So your best bet is to change account passwords now, a month from now, and again in the future. Also fundamentals for account safety are a must - a longer password is better, and do not reuse passwords (especially now).


99 dungeoneering achieved, thanks to everyone that celebrated with me!

 

♪♪ Don't interrupt me as I struggle to complete this thought
Have some respect for someone more forgetful than yourself ♪♪

♪♪ And I'm not done
And I won't be till my head falls off ♪♪

Share this post


Link to post
Share on other sites

Technically one might be able to get database credentials using the bug...in which case everything would be compromised. However I doubt that happened here...


polvCwJ.gif
"It's not a rest for me, it's a rest for the weights." - Dom Mazzetti

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.