Doom Comic
Register | User Profile | Member List | F.A.Q | Privacy Policy | New Blog | Search Forums | Forums Home
Doomworld Forums : Powered by vBulletin version 2.2.5 Doomworld Forums > Misc. > Everything Else > Heartbleed Bug
Pages (2): [1] 2 »  
Author
All times are GMT. The time now is 19:25. Post New Thread    Post A Reply
Technician
Still no custom title


Posts: 8061
Registered: 08-04


So apparently there is some sort of bug found in OpenSSL that may effect our private information saved on websites.

Here is a list to see if you are possibly fucked.

Old Post 04-10-14 21:56 #
Technician is offline Profile || Blog || PM || Email || Search || Add Buddy IP || Edit || Quote
Maes
I like big butts!


Posts: 12749
Registered: 07-06


Bug? More like feature, esse. Entendes, cabron?

Old Post 04-10-14 22:03 #
Maes is offline Profile || Blog || PM || Homepage || Search || Add Buddy IP || Edit || Quote
gggmork
If you can make any sense of this post, congratulations


Posts: 2824
Registered: 06-07


Maybe there is no bug. Instead, they make a false media frenzy about there being a bug as an excuse to create an update. Then the update has the trojan horse in it. All your internet/passwords/etc are belong to us.

Old Post 04-10-14 22:28 #
gggmork is offline Profile || Blog || PM || Homepage || Search || Add Buddy IP || Edit || Quote
Technician
Still no custom title


Posts: 8061
Registered: 08-04


Or maybe someone outside the loop found an NSA backdoor and forgot to take it to his superior before going to the news media.

Old Post 04-10-14 22:34 #
Technician is offline Profile || Blog || PM || Email || Search || Add Buddy IP || Edit || Quote
Memfis
Forum Spammer


Posts: 5792
Registered: 04-07


I'm too lazy to change any passwords. hax me if you want, at least that would be something new and exciting.
btw I found it very gay how someone actually came up with a LOGO for some computer error. yeah, it does kind of look like some forced media bomb.

Old Post 04-10-14 23:05 #
Memfis is offline Profile || Blog || PM || Email || Search || Add Buddy IP || Edit || Quote
Bucket
ROCK & LOAD
COCK BEEN BLOWED
IN YOUR MOUTH,
MANJUICE EXPLOAD


Posts: 5001
Registered: 01-04


Well, now would be the worst time to go change your password. Crackers are now aware of the exploit, and webhosts haven't fully addressed it.

Old Post 04-10-14 23:17 #
Bucket is offline Profile || Blog || PM || Email || Search || Add Buddy IP || Edit || Quote
Jaxxoon R
Member


Posts: 620
Registered: 03-14


So what made this bug happen?

Old Post 04-10-14 23:20 #
Jaxxoon R is offline Profile || Blog || PM || Email || Search || Add Buddy IP || Edit || Quote
Jodwin
Forum Staple


Posts: 3445
Registered: 02-05


Backdoor exploits in open-source code? Pffffft, didn't you know only dirty M$ code contains bugs like that?

Old Post 04-10-14 23:48 #
Jodwin is offline Profile || Blog || PM || Homepage || Search || Add Buddy IP || Edit || Quote
CODOR
Forum Regular


Posts: 840
Registered: 02-06


Doomworld doesn't use SSL/TLS. Problem solved.

Old Post 04-11-14 00:30 #
CODOR is online now Profile || Blog || PM || Email || Search || Add Buddy IP || Edit || Quote
GreyGhost
Why don't I have a custom title by now?!


Posts: 8826
Registered: 01-08



Jaxxoon R said:
So what made this bug happen?
A simple programming error according to this blog. There are tools available to test sites for this vulnerability, I'll be using one of them and starting with my ISP.

@Technician - maybe not so much an NSA backdoor as a case of spooks exploiting an exploit

Old Post 04-11-14 02:54 #
GreyGhost is offline Profile || Blog || PM || Email || Search || Add Buddy IP || Edit || Quote
Clonehunter
Forum Staple


Posts: 3840
Registered: 03-10



gggmork said:
Maybe there is no bug. Instead, they make a false media frenzy about there being a bug as an excuse to create an update. Then the update has the trojan horse in it. All your internet/passwords/etc are belong to us.


I said this near exactly on another website when it was brought up a few days ago. They called me crazy!

Old Post 04-11-14 04:09 #
Clonehunter is offline Profile || Blog || PM || Email || Search || Add Buddy IP || Edit || Quote
Bucket
ROCK & LOAD
COCK BEEN BLOWED
IN YOUR MOUTH,
MANJUICE EXPLOAD


Posts: 5001
Registered: 01-04


Don't give Alex Jones any ideas.

Old Post 04-11-14 05:01 #
Bucket is offline Profile || Blog || PM || Email || Search || Add Buddy IP || Edit || Quote
geo
Forum Staple


Posts: 3537
Registered: 10-05


So Yahoo and Google... Yahoo has had a cookie exploit for years.

Old Post 04-11-14 15:18 #
geo is offline Profile || Blog || PM || Search || Add Buddy IP || Edit || Quote
Quasar
Moderator


Posts: 6123
Registered: 08-00



gggmork said:
Maybe there is no bug. Instead, they make a false media frenzy about there being a bug as an excuse to create an update. Then the update has the trojan horse in it. All your internet/passwords/etc are belong to us.

I know most of your posts are sarcastic and this one probably is as well, but I'd just like to mention that as someone whose job involves IT security, I have personal confirmation that this exploit is very real. Several devices in our network have proven to have the vulnerability and we've run exploit test scripts against them and were able to retrieve intentionally injected strings from the machines' memory using it.

We have a buttload of patching work to do to get this all fixed. Fortunately we don't think any of our HTTPS certificates were compromised because they just happen to be used on devices that are NOT vulnerable. Our SSL VPN is another story, though.

Old Post 04-11-14 16:37 #
Quasar is offline Profile || Blog || PM || Email || Homepage || Search || Add Buddy IP || Edit || Quote
walter confalonieri
Senior Member


Posts: 2144
Registered: 07-09


changed the password from the list sites i use the most (google, facebook), and guys are you sure that this site is "safe"?

Old Post 04-12-14 18:41 #
walter confalonieri is offline Profile || Blog || PM || Email || Homepage || Search || Add Buddy IP || Edit || Quote
Gez
Why don't I have a custom title by now?!


Posts: 11367
Registered: 07-07



walter confalonieri said:
changed the password from the list sites i use the most (google, facebook), and guys are you sure that this site is "safe"?


I don't think Doomworld uses SSL (at the very least, it doesn't use https so I'm not sure where SSL would be used) so it's safe from this bug by not being secure. :p

Old Post 04-12-14 18:56 #
Gez is online now Profile || Blog || PM || Search || Add Buddy IP || Edit || Quote
walter confalonieri
Senior Member


Posts: 2144
Registered: 07-09


ok, so.. i need to change the password also here, for security?

Old Post 04-12-14 19:29 #
walter confalonieri is offline Profile || Blog || PM || Email || Homepage || Search || Add Buddy IP || Edit || Quote
Gez
Why don't I have a custom title by now?!


Posts: 11367
Registered: 07-07


It's generally a good idea to change passwords often, so you can change your Doomworld password if you want; but do so knowing that it's completely unrelated to the Heartbleed issue.

If you log in to a website that uses http: and not https:, you can wager it's not using SSL (the connection isn't secured after all) so Heartbleed is irrelevant because Heartbleed is a vulnerability in a security protocol.


It's kind of like worrying whether your money is safe because you heard of a bank heist, but you don't have a bank account, instead you keep your money in a shoebox under your bed. It's not really a secure place (contrarily to a bank vault) but it's not concerned by bank heists.

Old Post 04-12-14 19:45 #
Gez is online now Profile || Blog || PM || Search || Add Buddy IP || Edit || Quote
geekmarine
Senior Member


Posts: 1846
Registered: 05-00


Christ... I'm getting sick of passwords. I have so many passwords for so many sites that it's damn hard to remember them all. In fact, often I can't, so I end up having to change my password again, leading to yet another password for me to forget. And even when I do have remember my passwords, I get a message that such-and-such site had a security breech and that everyone needs to change their passwords AGAIN. And I try to be secure, I try to not use the same password for everything unless it's something I don't care about getting hacked, so I add random elements to my passwords, but that just makes me more likely to forget them. It's almost like it'd be easier for hackers to get at my stuff than it is for me.

I mean, what are you supposed to do?

Old Post 04-12-14 20:10 #
geekmarine is offline Profile || Blog || PM || Email || Homepage || Search || Add Buddy IP || Edit || Quote
Aliotroph?
postCount++


Posts: 2675
Registered: 03-02


You could store them in a portable device like my dad did. Came in handy when he died too.

Old Post 04-12-14 21:20 #
Aliotroph? is offline Profile || Blog || PM || Search || Add Buddy IP || Edit || Quote
40oz
Forum Spammer


Posts: 6967
Registered: 08-07



geekmarine said:
Christ... I'm getting sick of passwords.


Me too. Too many websites require numbers, capital letters and a max of 8 characters. I hope something comes along that makes passwords obsolete because I too have trouble keeping track of my stuff. I'd thought of copying my passwords into a word document or something so I wouldn't forget them, but I feel like that would simply make my identity more vulnerable.

Sometimes I even end up paying late fees on my credit card bills because logging into the site is such a hassle. I never remember my passwords because what I originally want them to be is never permitted, so I hand write them onto an index card that I keep losing amongst my other paperwork, so I gotta take the time to dig through everything to find it, log in, and then pay my bill.

Old Post 04-12-14 21:37 #
40oz is online now Profile || Blog || PM || Email || Homepage || Search || Add Buddy IP || Edit || Quote
Nomad
Not dumb enough to get a custom title


Posts: 2738
Registered: 04-04


I know it's "frowned upon" by "security experts," but I generally use the same password for most things other than actually important things; my main email, my bank account, paypal, etc. It would be annoying but not that big of a deal if my Doomworld account got compromised. Heck, whoever it was might improve my reputation if they posted often.

Old Post 04-12-14 23:41 #
Nomad is offline Profile || Blog || PM || Homepage || Search || Add Buddy IP || Edit || Quote
printz
CRAZY DUMB ZEALOT


Posts: 8890
Registered: 06-06



40oz said:
I'd thought of copying my passwords into a word document or something so I wouldn't forget them, but I feel like that would simply make my identity more vulnerable.
You can use one or more password-protected LibreOffice documents. It can still be a single point of failure, but I think it's more important that you already have different web passwords.

When I choose different passwords, I really think more of automatic (mass) attacks and bad server design (clear-text passwords) than personal attacks directed at me. That way, if crappy site A receives passwords in plain text, the employees there won't accidentally get to know important site B's password as well. It's more about server-side stupidity putting me at risk, than some enemy that might know all my credentials with one password.

__________________
Automatic Wolfenstein - Version 1.0 - also on Android

Last edited by printz on 04-13-14 at 00:27

Old Post 04-13-14 00:20 #
printz is offline Profile || Blog || PM || Homepage || Search || Add Buddy IP || Edit || Quote
DuckReconMajor
Forum Legend


Posts: 4227
Registered: 01-09


I would use a piece of paper to keep track of all my passwords until I started using LastPass https://lastpass.com/

It generates a unique random password for each site and stores it for you. Some might say it's just as bad trusting a 3rd party with my passwords, but I haven't had any issues. That I know of at least.

Old Post 04-13-14 00:45 #
DuckReconMajor is offline Profile || Blog || PM || Email || Homepage || Search || Add Buddy IP || Edit || Quote
walter confalonieri
Senior Member


Posts: 2144
Registered: 07-09



Gez said:
It's generally a good idea to change passwords often, so you can change your Doomworld password if you want; but do so knowing that it's completely unrelated to the Heartbleed issue.

If you log in to a website that uses http: and not https:, you can wager it's not using SSL (the connection isn't secured after all) so Heartbleed is irrelevant because Heartbleed is a vulnerability in a security protocol.


It's kind of like worrying whether your money is safe because you heard of a bank heist, but you don't have a bank account, instead you keep your money in a shoebox under your bed. It's not really a secure place (contrarily to a bank vault) but it's not concerned by bank heists.



Ok, thank you

Old Post 04-13-14 00:57 #
walter confalonieri is offline Profile || Blog || PM || Email || Homepage || Search || Add Buddy IP || Edit || Quote
Sodaholic
I feel justified yet disgusted with myself at the same time


Posts: 2929
Registered: 04-07


I usually keep my phone in another room and wrapped in some kind of cloth out of fear that my password could be compromised by keystroke sound analysis. I realize there's probably plenty of other methods, but I don't want my local machine to be compromised.

What I really want to do is open it up and install a physical passthrough switch to completely disable/enable the microphone/cameras at will, but haven't gotten around do that yet. Some silly putty or something could probably work as a temporary solution.

Old Post 04-13-14 00:59 #
Sodaholic is offline Profile || Blog || PM || Email || Search || Add Buddy IP || Edit || Quote
GreyGhost
Why don't I have a custom title by now?!


Posts: 8826
Registered: 01-08



geekmarine said:
I mean, what are you supposed to do?
Use a password manager. My current favourite is KeePass, which I'm also using to store software license keys, pin codes and the like. The program can be run from a flash drive if you don't want to multi-install the software, but I rarely have need of that functionality and just backup the password file at regular intervals.

Old Post 04-13-14 03:59 #
GreyGhost is offline Profile || Blog || PM || Email || Search || Add Buddy IP || Edit || Quote
darknation
Forum Staple


Posts: 3083
Registered: 03-02



Sodaholic said:
I usually keep my phone in another room and wrapped in some kind of cloth out of fear that my password could be compromised by keystroke sound analysis. I realize there's probably plenty of other methods, but I don't want my local machine to be compromised.

What I really want to do is open it up and install a physical passthrough switch to completely disable/enable the microphone/cameras at will, but haven't gotten around do that yet. Some silly putty or something could probably work as a temporary solution.

you being serious? what on earth could you be doing on a computer that warrants that level of paranoia?

Old Post 04-13-14 04:06 #
darknation is offline Profile || Blog || PM || Email || Homepage || Search || Add Buddy IP || Edit || Quote
Sodaholic
I feel justified yet disgusted with myself at the same time


Posts: 2929
Registered: 04-07



darknation said:
you being serious? what on earth could you be doing on a computer that warrants that level of paranoia?
Just image editing, level editing, listening to music, etc. I just want privacy from prying eyes is all.

Old Post 04-13-14 04:16 #
Sodaholic is offline Profile || Blog || PM || Email || Search || Add Buddy IP || Edit || Quote
Kirby
Senior Member


Posts: 1597
Registered: 10-04



Sodaholic said:
Just image editing, level editing, listening to music, etc. I just want privacy from prying eyes is all.

Prying eyes is one thing, but why are you worried about someone breaking your passcodes using keystroke sound analysis? That's a high-tech and targeted means of stealing information which wouldn't be something you'd ever have to worry about unless you have information so valuable that someone has no other choice. Basically, there's no reason to be THAT paranoid unless you have high value or classified data/information.

I mean who could you imagine using that particular tactic anyways? Is the NSA or some renowned hacker so interested in your information that they need to use your phone to hack you? I have work emails with more sensitive information than what you described and I'm not even remotely worried about keystroke sound analysis.

EDIT: Oops, this was a month bump. My apologies.

Old Post 05-16-14 20:20 #
Kirby is online now Profile || Blog || PM || Email || Search || Add Buddy IP || Edit || Quote
All times are GMT. The time now is 19:25. Post New Thread    Post A Reply
Pages (2): [1] 2 »  
Doomworld Forums : Powered by vBulletin version 2.2.5 Doomworld Forums > Misc. > Everything Else > Heartbleed Bug

Show Printable Version | Email this Page | Subscribe to this Thread

 

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is OFF
vB code is ON
Smilies are OFF
[IMG] code is ON
 

< Contact Us - Doomworld >

Powered by: vBulletin Version 2.2.5
Copyright ©2000, 2001, Jelsoft Enterprises Limited.