Why not talk about heartbleed! :P

Topic: Why not talk about heartbleed! :P (Read 2598 times) previous topic - next topic

0 Members and 1 Guest are viewing this topic.

Why not talk about heartbleed! :P

April 14, 2014, 06:24:06 pm

I suppose you have heard about it already (OpenSSL bug, if you haven't just google it in your preferred language and you'll get plenty of results).

Github was affected too:
https://github.com/blog/1818-security-heartbleed-vulnerability
they suggest:

Quote1. Change your GitHub password.
2. Enable Two-Factor Authentication.
3. Revoke and recreate personal access and application tokens.

I suppose I have to do that, right? meh...

Re: Why not talk about heartbleed! :P

Reply #1 – April 15, 2014, 02:29:32 pm

came up in a pub quiz I was at last night my team was only one to get it correct

Re: Why not talk about heartbleed! :P

Reply #2 – April 15, 2014, 03:37:02 pm

Quote from: emanuele – April 14, 2014, 06:24:06 pmI suppose I have to do that, right? meh...

I'd think so. Before sites closed the hole it was amazing to see what you could get from the server memory and with almost no effort. I guess the real issue is, no one really knows how long it may have been exploited. The issue was around for, what 2 years, and if anyone knew about it they could have amassed quite the tasty mountain of info.

Quote from: TrayBake – April 15, 2014, 02:29:32 pmcame up in a pub quiz I was at last night my team was only one to get it correct

Awesome

Re: Why not talk about heartbleed! :P

Reply #3 – April 15, 2014, 11:44:09 pm

Changed everything!
Now I should do the same with the various google accounts...

emanuele is scared and annoyed already... lol

Re: Why not talk about heartbleed! :P

Reply #4 – April 17, 2014, 12:00:42 am

How can we find if a site is affected or not. Any simple way like putting our URL as in Google PR check ?

Re: Why not talk about heartbleed! :P

Reply #5 – April 17, 2014, 12:28:50 am

You can use https://filippo.io/Heartbleed/ and enter a URL to see if its effected. Most of the large sites fixed it within hours of it being published. There was a running list of the top 1000+ sites for vulnerability published which put some extra pressure on them to plug the hole.

Re: Why not talk about heartbleed! :P

Reply #6 – April 17, 2014, 03:25:18 pm

Ahhh guys, I made some replies over SMF for heartbleed bug and here's the crux of it

This article seems pretty relevant. Moreover there is a tool link in it to check the ssl security.

If anyone interested in reading, a bit more detailed explanation in terms of technicality about heartbleed is mentioned over here.

Here is about what can be done via exploiting the bug.

I'm still not sure why everyone is changing there passwords, as until a site fixes the server, changing password is still a waste of energy.