Severed bunny head
User Profile | Member List | F.A.Q | Privacy Policy | New Blog | Search Forums | Forums Home
Doomworld Forums : Powered by vBulletin version 2.2.5 Doomworld Forums > Misc. > Everything Else > Heartbleed Bug
Pages (2): [1] 2 »  
Author
All times are GMT. The time now is 03:37. Post New Thread    Post A Reply
Technician
a little slice of /pol/


Posts: 8579
Registered: 08-04


So apparently there is some sort of bug found in OpenSSL that may effect our private information saved on websites.

Here is a list to see if you are possibly fucked.

Old Post Apr 10 2014 21:56 #
Technician is online now || Blog || PM || Post History || Add Buddy IP || Edit || Quote
Maes
Why don't I have a custom title by now?!


Posts: 13985
Registered: 07-06


Bug? More like feature, esse. Entendes, cabron?

Old Post Apr 10 2014 22:03 #
Maes is offline || Blog || PM || Post History || Add Buddy IP || Edit || Quote
gggmork
If you can make any sense of this post, congratulations


Posts: 2856
Registered: 06-07


Maybe there is no bug. Instead, they make a false media frenzy about there being a bug as an excuse to create an update. Then the update has the trojan horse in it. All your internet/passwords/etc are belong to us.

Old Post Apr 10 2014 22:28 #
gggmork is offline || Blog || PM || Post History || Add Buddy IP || Edit || Quote
Technician
a little slice of /pol/


Posts: 8579
Registered: 08-04


Or maybe someone outside the loop found an NSA backdoor and forgot to take it to his superior before going to the news media.

Old Post Apr 10 2014 22:34 #
Technician is online now || Blog || PM || Post History || Add Buddy IP || Edit || Quote
Memfis
Honestly, semen doesn't taste that bad.


Posts: 7112
Registered: 04-07


I'm too lazy to change any passwords. hax me if you want, at least that would be something new and exciting.
btw I found it very gay how someone actually came up with a LOGO for some computer error. yeah, it does kind of look like some forced media bomb.

Old Post Apr 10 2014 23:05 #
Memfis is offline || Blog || PM || Post History || Add Buddy IP || Edit || Quote
Bucket
ROCK & LOAD
COCK BEEN BLOWED
IN YOUR MOUTH,
MANJUICE EXPLOAD


Posts: 5179
Registered: 01-04


Well, now would be the worst time to go change your password. Crackers are now aware of the exploit, and webhosts haven't fully addressed it.

Old Post Apr 10 2014 23:17 #
Bucket is offline || Blog || PM || Post History || Add Buddy IP || Edit || Quote
Jaxxoon R
Senior Member


Posts: 2069
Registered: 03-14


So what made this bug happen?

Old Post Apr 10 2014 23:20 #
Jaxxoon R is online now Youtube || Blog || PM || Post History || Add Buddy IP || Edit || Quote
Jodwin
Forum Staple


Posts: 3448
Registered: 02-05


Backdoor exploits in open-source code? Pffffft, didn't you know only dirty M$ code contains bugs like that?

Old Post Apr 10 2014 23:48 #
Jodwin is offline || Blog || PM || Post History || Add Buddy IP || Edit || Quote
CODOR
Forum Regular


Posts: 858
Registered: 02-06


Doomworld doesn't use SSL/TLS. Problem solved.

Old Post Apr 11 2014 00:30 #
CODOR is offline || Blog || PM || Post History || Add Buddy IP || Edit || Quote
GreyGhost
I have a custom title now!


Posts: 9414
Registered: 01-08



Jaxxoon R said:
So what made this bug happen?

A simple programming error according to this blog. There are tools available to test sites for this vulnerability, I'll be using one of them and starting with my ISP.

@Technician - maybe not so much an NSA backdoor as a case of spooks exploiting an exploit

Old Post Apr 11 2014 02:54 #
GreyGhost is offline || Blog || PM || Post History || Add Buddy IP || Edit || Quote
Clonehunter
Forum Legend


Posts: 4742
Registered: 03-10



gggmork said:
Maybe there is no bug. Instead, they make a false media frenzy about there being a bug as an excuse to create an update. Then the update has the trojan horse in it. All your internet/passwords/etc are belong to us.

I said this near exactly on another website when it was brought up a few days ago. They called me crazy!

Old Post Apr 11 2014 04:09 #
Clonehunter is offline || Blog || PM || Post History || Add Buddy IP || Edit || Quote
Bucket
ROCK & LOAD
COCK BEEN BLOWED
IN YOUR MOUTH,
MANJUICE EXPLOAD


Posts: 5179
Registered: 01-04


Don't give Alex Jones any ideas.

Old Post Apr 11 2014 05:01 #
Bucket is offline || Blog || PM || Post History || Add Buddy IP || Edit || Quote
geo
didn't know being a forum staple was a bad thing


Posts: 4872
Registered: 10-05


So Yahoo and Google... Yahoo has had a cookie exploit for years.

Old Post Apr 11 2014 15:18 #
geo is online now || Blog || PM || Post History || Add Buddy IP || Edit || Quote
Quasar
Moderator


Posts: 6578
Registered: 08-00



gggmork said:
Maybe there is no bug. Instead, they make a false media frenzy about there being a bug as an excuse to create an update. Then the update has the trojan horse in it. All your internet/passwords/etc are belong to us.

I know most of your posts are sarcastic and this one probably is as well, but I'd just like to mention that as someone whose job involves IT security, I have personal confirmation that this exploit is very real. Several devices in our network have proven to have the vulnerability and we've run exploit test scripts against them and were able to retrieve intentionally injected strings from the machines' memory using it.

We have a buttload of patching work to do to get this all fixed. Fortunately we don't think any of our HTTPS certificates were compromised because they just happen to be used on devices that are NOT vulnerable. Our SSL VPN is another story, though.

Old Post Apr 11 2014 16:37 #
Quasar is offline Twitter account Youtube Github || Blog || PM || Post History || Add Buddy IP || Edit || Quote
walter confalonieri
Forum Staple


Posts: 2579
Registered: 07-09


changed the password from the list sites i use the most (google, facebook), and guys are you sure that this site is "safe"?

Old Post Apr 12 2014 18:41 #
walter confalonieri is offline Youtube || Blog || PM || Post History || Add Buddy IP || Edit || Quote
Gez
Why don't I have a custom title by now?!


Posts: 12534
Registered: 07-07



walter confalonieri said:
changed the password from the list sites i use the most (google, facebook), and guys are you sure that this site is "safe"?

I don't think Doomworld uses SSL (at the very least, it doesn't use https so I'm not sure where SSL would be used) so it's safe from this bug by not being secure. :p

Old Post Apr 12 2014 18:56 #
Gez is offline || Blog || PM || Post History || Add Buddy IP || Edit || Quote
walter confalonieri
Forum Staple


Posts: 2579
Registered: 07-09


ok, so.. i need to change the password also here, for security?

Old Post Apr 12 2014 19:29 #
walter confalonieri is offline Youtube || Blog || PM || Post History || Add Buddy IP || Edit || Quote
Gez
Why don't I have a custom title by now?!


Posts: 12534
Registered: 07-07


It's generally a good idea to change passwords often, so you can change your Doomworld password if you want; but do so knowing that it's completely unrelated to the Heartbleed issue.

If you log in to a website that uses http: and not https:, you can wager it's not using SSL (the connection isn't secured after all) so Heartbleed is irrelevant because Heartbleed is a vulnerability in a security protocol.


It's kind of like worrying whether your money is safe because you heard of a bank heist, but you don't have a bank account, instead you keep your money in a shoebox under your bed. It's not really a secure place (contrarily to a bank vault) but it's not concerned by bank heists.

Old Post Apr 12 2014 19:45 #
Gez is offline || Blog || PM || Post History || Add Buddy IP || Edit || Quote
geekmarine
Senior Member


Posts: 2003
Registered: 05-00


Christ... I'm getting sick of passwords. I have so many passwords for so many sites that it's damn hard to remember them all. In fact, often I can't, so I end up having to change my password again, leading to yet another password for me to forget. And even when I do have remember my passwords, I get a message that such-and-such site had a security breech and that everyone needs to change their passwords AGAIN. And I try to be secure, I try to not use the same password for everything unless it's something I don't care about getting hacked, so I add random elements to my passwords, but that just makes me more likely to forget them. It's almost like it'd be easier for hackers to get at my stuff than it is for me.

I mean, what are you supposed to do?

Old Post Apr 12 2014 20:10 #
geekmarine is offline || Blog || PM || Post History || Add Buddy IP || Edit || Quote
Aliotroph?
postCount++


Posts: 2861
Registered: 03-02


You could store them in a portable device like my dad did. Came in handy when he died too.

Old Post Apr 12 2014 21:20 #
Aliotroph? is online now || Blog || PM || Post History || Add Buddy IP || Edit || Quote
40oz
Forum Etiquette Expert


Posts: 7739
Registered: 08-07



geekmarine said:
Christ... I'm getting sick of passwords.

Me too. Too many websites require numbers, capital letters and a max of 8 characters. I hope something comes along that makes passwords obsolete because I too have trouble keeping track of my stuff. I'd thought of copying my passwords into a word document or something so I wouldn't forget them, but I feel like that would simply make my identity more vulnerable.

Sometimes I even end up paying late fees on my credit card bills because logging into the site is such a hassle. I never remember my passwords because what I originally want them to be is never permitted, so I hand write them onto an index card that I keep losing amongst my other paperwork, so I gotta take the time to dig through everything to find it, log in, and then pay my bill.

Old Post Apr 12 2014 21:37 #
40oz is online now || Blog || PM || Post History || Add Buddy IP || Edit || Quote
Nomad
Not dumb enough to get a custom title


Posts: 2774
Registered: 04-04


I know it's "frowned upon" by "security experts," but I generally use the same password for most things other than actually important things; my main email, my bank account, paypal, etc. It would be annoying but not that big of a deal if my Doomworld account got compromised. Heck, whoever it was might improve my reputation if they posted often.

Old Post Apr 12 2014 23:41 #
Nomad is offline || Blog || PM || Post History || Add Buddy IP || Edit || Quote
printz
CRAZY DUMB ZEALOT


Posts: 9263
Registered: 06-06



40oz said:
I'd thought of copying my passwords into a word document or something so I wouldn't forget them, but I feel like that would simply make my identity more vulnerable.

You can use one or more password-protected LibreOffice documents. It can still be a single point of failure, but I think it's more important that you already have different web passwords.

When I choose different passwords, I really think more of automatic (mass) attacks and bad server design (clear-text passwords) than personal attacks directed at me. That way, if crappy site A receives passwords in plain text, the employees there won't accidentally get to know important site B's password as well. It's more about server-side stupidity putting me at risk, than some enemy that might know all my credentials with one password.

__________________
Top /idgames WADs Automatic Wolfenstein - Version 1.0.1 - also on Android (Updated 28/03/2015)

Last edited by printz on Apr 13 2014 at 00:27

Old Post Apr 13 2014 00:20 #
printz is offline Twitter account Youtube Github || Blog || PM || Post History || Add Buddy IP || Edit || Quote
DuckReconMajor
Forum Legend


Posts: 4229
Registered: 01-09


I would use a piece of paper to keep track of all my passwords until I started using LastPass https://lastpass.com/

It generates a unique random password for each site and stores it for you. Some might say it's just as bad trusting a 3rd party with my passwords, but I haven't had any issues. That I know of at least.

Old Post Apr 13 2014 00:45 #
DuckReconMajor is offline || Blog || PM || Post History || Add Buddy IP || Edit || Quote
walter confalonieri
Forum Staple


Posts: 2579
Registered: 07-09



Gez said:
It's generally a good idea to change passwords often, so you can change your Doomworld password if you want; but do so knowing that it's completely unrelated to the Heartbleed issue.

If you log in to a website that uses http: and not https:, you can wager it's not using SSL (the connection isn't secured after all) so Heartbleed is irrelevant because Heartbleed is a vulnerability in a security protocol.


It's kind of like worrying whether your money is safe because you heard of a bank heist, but you don't have a bank account, instead you keep your money in a shoebox under your bed. It's not really a secure place (contrarily to a bank vault) but it's not concerned by bank heists.

Ok, thank you

Old Post Apr 13 2014 00:57 #
walter confalonieri is offline Youtube || Blog || PM || Post History || Add Buddy IP || Edit || Quote
Sodaholic
I feel justified yet disgusted with myself at the same time


Posts: 3615
Registered: 04-07


I usually keep my phone in another room and wrapped in some kind of cloth out of fear that my password could be compromised by keystroke sound analysis. I realize there's probably plenty of other methods, but I don't want my local machine to be compromised.

What I really want to do is open it up and install a physical passthrough switch to completely disable/enable the microphone/cameras at will, but haven't gotten around do that yet. Some silly putty or something could probably work as a temporary solution.

Old Post Apr 13 2014 00:59 #
Sodaholic is offline || Blog || PM || Post History || Add Buddy IP || Edit || Quote
GreyGhost
I have a custom title now!


Posts: 9414
Registered: 01-08



geekmarine said:
I mean, what are you supposed to do?

Use a password manager. My current favourite is KeePass, which I'm also using to store software license keys, pin codes and the like. The program can be run from a flash drive if you don't want to multi-install the software, but I rarely have need of that functionality and just backup the password file at regular intervals.

Old Post Apr 13 2014 03:59 #
GreyGhost is offline || Blog || PM || Post History || Add Buddy IP || Edit || Quote
darknation
Forum Staple


Posts: 3225
Registered: 03-02



Sodaholic said:
I usually keep my phone in another room and wrapped in some kind of cloth out of fear that my password could be compromised by keystroke sound analysis. I realize there's probably plenty of other methods, but I don't want my local machine to be compromised.

What I really want to do is open it up and install a physical passthrough switch to completely disable/enable the microphone/cameras at will, but haven't gotten around do that yet. Some silly putty or something could probably work as a temporary solution.

you being serious? what on earth could you be doing on a computer that warrants that level of paranoia?

Old Post Apr 13 2014 04:06 #
darknation is offline || Blog || PM || Post History || Add Buddy IP || Edit || Quote
Sodaholic
I feel justified yet disgusted with myself at the same time


Posts: 3615
Registered: 04-07



darknation said:
you being serious? what on earth could you be doing on a computer that warrants that level of paranoia?

Just image editing, level editing, listening to music, etc. I just want privacy from prying eyes is all.

Old Post Apr 13 2014 04:16 #
Sodaholic is offline || Blog || PM || Post History || Add Buddy IP || Edit || Quote
Kirby
Senior Member


Posts: 1670
Registered: 10-04



Sodaholic said:
Just image editing, level editing, listening to music, etc. I just want privacy from prying eyes is all.

Prying eyes is one thing, but why are you worried about someone breaking your passcodes using keystroke sound analysis? That's a high-tech and targeted means of stealing information which wouldn't be something you'd ever have to worry about unless you have information so valuable that someone has no other choice. Basically, there's no reason to be THAT paranoid unless you have high value or classified data/information.

I mean who could you imagine using that particular tactic anyways? Is the NSA or some renowned hacker so interested in your information that they need to use your phone to hack you? I have work emails with more sensitive information than what you described and I'm not even remotely worried about keystroke sound analysis.

EDIT: Oops, this was a month bump. My apologies.

Old Post May 16 2014 20:20 #
Kirby is offline || Blog || PM || Post History || Add Buddy IP || Edit || Quote
All times are GMT. The time now is 03:37. Post New Thread    Post A Reply
Pages (2): [1] 2 »  
Doomworld Forums : Powered by vBulletin version 2.2.5 Doomworld Forums > Misc. > Everything Else > Heartbleed Bug

Show Printable Version | Email this Page | Subscribe to this Thread

 

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is OFF
vB code is ON
Smilies are OFF
[IMG] code is ON
 

< Contact Us - Doomworld >

Powered by: vBulletin Version 2.2.5
Copyright ©2000, 2001, Jelsoft Enterprises Limited.