Technician

Heartbleed Bug

Bug? More like feature, esse. Entendes, cabron?


Maybe there is no bug. Instead, they make a false media frenzy about there being a bug as an excuse to create an update. Then the update has the trojan horse in it. All your internet/passwords/etc are belong to us.


Or maybe someone outside the loop found an NSA backdoor and forgot to take it to his superior before going to the news media.


I'm too lazy to change any passwords. hax me if you want, at least that would be something new and exciting.
btw I found it very gay how someone actually came up with a LOGO for some computer error. yeah, it does kind of look like some forced media bomb.


Well, now would be the worst time to go change your password. Crackers are now aware of the exploit, and webhosts haven't fully addressed it.


Backdoor exploits in open-source code? Pffffft, didn't you know only dirty M$ code contains bugs like that?

gggmork said:

Maybe there is no bug. Instead, they make a false media frenzy about there being a bug as an excuse to create an update. Then the update has the trojan horse in it. All your internet/passwords/etc are belong to us.


I said this near exactly on another website when it was brought up a few days ago. They called me crazy!


So Yahoo and Google... Yahoo has had a cookie exploit for years.

gggmork said:

Maybe there is no bug. Instead, they make a false media frenzy about there being a bug as an excuse to create an update. Then the update has the trojan horse in it. All your internet/passwords/etc are belong to us.

I know most of your posts are sarcastic and this one probably is as well, but I'd just like to mention that as someone whose job involves IT security, I have personal confirmation that this exploit is very real. Several devices in our network have proven to have the vulnerability and we've run exploit test scripts against them and were able to retrieve intentionally injected strings from the machines' memory using it.

We have a buttload of patching work to do to get this all fixed. Fortunately we don't think any of our HTTPS certificates were compromised because they just happen to be used on devices that are NOT vulnerable. Our SSL VPN is another story, though.


Changed the password from the list sites I use the most (Google, Facebook), and guys, are you sure that this site is "safe"?

walter confalonieri said:

Changed the password from the list sites I use the most (Google, Facebook), and guys, are you sure that this site is "safe"?


I don't think Doomworld uses SSL (at the very least, it doesn't use https so I'm not sure where SSL would be used) so it's safe from this bug by not being secure. :p


It's generally a good idea to change passwords often, so you can change your Doomworld password if you want; but do so knowing that it's completely unrelated to the Heartbleed issue.

If you log in to a website that uses http: and not https:, you can wager it's not using SSL (the connection isn't secured after all) so Heartbleed is irrelevant because Heartbleed is a vulnerability in a security protocol.


It's kind of like worrying whether your money is safe because you heard of a bank heist, but you don't have a bank account; instead you keep your money in a shoebox under your bed. It's not really a secure place (contrary to a bank vault) but it's not concerned by bank heists.


Christ... I'm getting sick of passwords. I have so many passwords for so many sites that it's damn hard to remember them all. In fact, often I can't, so I end up having to change my password again, leading to yet another password for me to forget. And even when I do remember my passwords, I get a message that such-and-such site had a security breach and that everyone needs to change their passwords AGAIN. And I try to be secure, I try to not use the same password for everything unless it's something I don't care about getting hacked, so I add random elements to my passwords, but that just makes me more likely to forget them. It's almost like it'd be easier for hackers to get at my stuff than it is for me.

I mean, what are you supposed to do?

geekmarine said:

Christ... I'm getting sick of passwords.


Me too. Too many websites require numbers, capital letters and a max of 8 characters. I hope something comes along that makes passwords obsolete because I too have trouble keeping track of my stuff. I'd thought of copying my passwords into a word document or something so I wouldn't forget them, but I feel like that would simply make my identity more vulnerable.

Sometimes I even end up paying late fees on my credit card bills because logging into the site is such a hassle. I never remember my passwords because what I originally want them to be is never permitted, so I hand write them onto an index card that I keep losing amongst my other paperwork, so I gotta take the time to dig through everything to find it, log in, and then pay my bill.


I know it's "frowned upon" by "security experts," but I generally use the same password for most things other than actually important things; my main email, my bank account, paypal, etc. It would be annoying but not that big of a deal if my Doomworld account got compromised. Heck, whoever it was might improve my reputation if they posted often.

40oz said:

I'd thought of copying my passwords into a word document or something so I wouldn't forget them, but I feel like that would simply make my identity more vulnerable.

You can use one or more password-protected LibreOffice documents. It can still be a single point of failure, but I think it's more important that you already have different web passwords.

When I choose different passwords, I really think more of automatic (mass) attacks and bad server design (clear-text passwords) than personal attacks directed at me. That way, if crappy site A receives passwords in plain text, the employees there won't accidentally get to know important site B's password as well. It's more about server-side stupidity putting me at risk, than some enemy that might know all my credentials with one password.


I would use a piece of paper to keep track of all my passwords until I started using LastPass https://lastpass.com/

It generates a unique random password for each site and stores it for you. Some might say it's just as bad trusting a 3rd party with my passwords, but I haven't had any issues. That I know of at least.

Gez said:

It's generally a good idea to change passwords often, so you can change your Doomworld password if you want; but do so knowing that it's completely unrelated to the Heartbleed issue.

If you log in to a website that uses http: and not https:, you can wager it's not using SSL (the connection isn't secured after all) so Heartbleed is irrelevant because Heartbleed is a vulnerability in a security protocol.


It's kind of like worrying whether your money is safe because you heard of a bank heist, but you don't have a bank account; instead you keep your money in a shoebox under your bed. It's not really a secure place (contrary to a bank vault) but it's not concerned by bank heists.


Ok, thank you


I usually keep my phone in another room and wrapped in some kind of cloth out of fear that my password could be compromised by keystroke sound analysis. I realize there's probably plenty of other methods, but I don't want my local machine to be compromised.

What I really want to do is open it up and install a physical passthrough switch to completely disable/enable the microphone/cameras at will, but haven't gotten around to that yet. Some silly putty or something could probably work as a temporary solution.

geekmarine said:

I mean, what are you supposed to do?

Use a password manager. My current favourite is KeePass, which I'm also using to store software license keys, PIN codes and the like. The program can be run from a flash drive if you don't want to multi-install the software, but I rarely have need of that functionality and just back up the password file at regular intervals.

Sodaholic said:

I usually keep my phone in another room and wrapped in some kind of cloth out of fear that my password could be compromised by keystroke sound analysis. I realize there's probably plenty of other methods, but I don't want my local machine to be compromised.

What I really want to do is open it up and install a physical passthrough switch to completely disable/enable the microphone/cameras at will, but haven't gotten around to that yet. Some silly putty or something could probably work as a temporary solution.

you being serious? what on earth could you be doing on a computer that warrants that level of paranoia?

darknation said:

you being serious? what on earth could you be doing on a computer that warrants that level of paranoia?

Just image editing, level editing, listening to music, etc. I just want privacy from prying eyes is all.

Sodaholic said:

Just image editing, level editing, listening to music, etc. I just want privacy from prying eyes is all.

Prying eyes is one thing, but why are you worried about someone breaking your passcodes using keystroke sound analysis? That's a high-tech and targeted means of stealing information which wouldn't be something you'd ever have to worry about unless you have information so valuable that someone has no other choice. Basically, there's no reason to be THAT paranoid unless you have high value or classified data/information.

I mean who could you imagine using that particular tactic anyways? Is the NSA or some renowned hacker so interested in your information that they need to use your phone to hack you? I have work emails with more sensitive information than what you described and I'm not even remotely worried about keystroke sound analysis.

EDIT: Oops, this was a month bump. My apologies.
