Why not talk about heartbleed! :P
April 14, 2014, 12:24:06 pm

I suppose you have heard about it already (OpenSSL bug; if you haven't, just google it in your preferred language and you'll get plenty of results).

GitHub was affected too: https://github.com/blog/1818-security-heartbleed-vulnerability

They suggest:

Quote
1. Change your GitHub password.
2. Enable Two-Factor Authentication.
3. Revoke and recreate personal access and application tokens.

I suppose I have to do that, right? meh...

Re: Why not talk about heartbleed! :P
Reply #1 – April 15, 2014, 08:29:32 am

Came up in a pub quiz I was at last night; my team was the only one to get it correct.

Re: Why not talk about heartbleed! :P
Reply #2 – April 15, 2014, 09:37:02 am

Quote from: emanuele – April 14, 2014, 12:24:06 pm
I suppose I have to do that, right? meh...

I'd think so. Before sites closed the hole it was amazing to see what you could get from the server memory and with almost no effort. I guess the real issue is, no one really knows how long it may have been exploited. The issue was around for, what, 2 years, and if anyone knew about it they could have amassed quite the tasty mountain of info.

Quote from: TrayBake – April 15, 2014, 08:29:32 am
Came up in a pub quiz I was at last night; my team was the only one to get it correct.

Awesome

Re: Why not talk about heartbleed! :P
Reply #3 – April 15, 2014, 05:44:09 pm

Changed everything!

Now I should do the same with the various Google accounts... emanuele is scared and annoyed already... lol

Re: Why not talk about heartbleed! :P
Reply #4 – April 16, 2014, 06:00:42 pm

How can we find out if a site is affected or not? Any simple way, like putting in our URL as in Google PR check?

Re: Why not talk about heartbleed! :P
Reply #5 – April 16, 2014, 06:28:50 pm

You can use https://filippo.io/Heartbleed/ and enter a URL to see if it's affected. Most of the large sites fixed it within hours of it being published. There was a running list of the top 1000+ sites for vulnerability published, which put some extra pressure on them to plug the hole.

Re: Why not talk about heartbleed! :P
Reply #6 – April 17, 2014, 09:25:18 am

Ahhh guys, I made some replies over SMF for the heartbleed bug and here's the crux of it:

This article seems pretty relevant. Moreover, there is a tool link in it to check the SSL security.

If anyone is interested in reading, a bit more detailed explanation in terms of technicality about heartbleed is mentioned over here.

Here is about what can be done via exploiting the bug.

I'm still not sure why everyone is changing their passwords, as until a site fixes the server, changing password is still a waste of energy.