What's new
By:
Pinball info

Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Heartbleed Bug

Paul

Paul

Staff member
10 Years
Joined
Oct 5, 2012
Messages
12,220
Location
South Wales
Just a quikie to advise that we are NOT affected by this heartbleed bug issue that seems to be doing the rounds at the moment.

Just in case you havent heard....

The Heart Bleed virus allows hackers to exploit a flaw in the OpenSSL encryption software used by a majority of major websites to steal data like credit card numbers, passwords, and other personal information. The first defence for Internet users, then, is to change your passwords to protect your information from being taken and abused.

However, if a major website is still vulnerable to the Heart Bleed bug, changing a password won't matter; the website would have to update their software first. To defend against this, an online tool called the Heartbleed test was created to test if a website has been compromised by the virus. Simply type the web address of the website into the box, and it will let you know whether it is safe. Sites like Facebook, Gmail, Amazon, Yahoo!, Twitter and others have already updated their software.

The Heart Bleed virus basically takes advantage of OpenSSL encryption software, which is standard for many websites and designated by the small padlock symbol. When messaging back and forth on a secure connection — think Facebook or Gmail messaging — sometimes a computer wants to check if the other computer is still available. They check by send a small packet of data, called a "heartbeat," which is then confirmed. The flaw allows hackers to use a fake packet of data, which tricks the computer into responding with data stored in its memory.

Worse, this flaw is undetectable by current standards and has existed under the radar for about two years.
Click to expand...

Personally I actually use a plugin for chrome called "chromebleed" which will tell me if the site itself is not secure....

We're fine here as we dont use SSL :)

Paul
 
Last edited:
As someone with some background in this stuff, I recommend you:
  • Consider where you use your cards online for now
  • Banks should have secondary authentication such as a random number generator
  • Look to enable secondary authentication as above on any place that offers it. (paypay can text you a one time code to add security to your login for instance)
  • Consider if you really need to use a sensitive site
  • Change your passwords in a few weeks when things calm down
If you change your password now, it could well be in the memory this hack exposes unless the site is fixed.
This site doesn't use SSL so the passwords are sent in the clear, over your local network, the internet and then where the servers reside. Whilst it would take someone to have access in those networks, that is a huge amount of potential people who are already reading your password. Hence why we recommend separate passwords for every side which is a massive pain. I suggest come up with a system for each site, use a standard password with numbers and letters, then add on some elements for each site. Plus use a password that is a sentence, that will make it longer but easier to remember. "Pinball_rocks_but_costs_so_much2014" is going to take someone ages to break.
 
You must log in or register to reply here.
Back
Top Bottom