The God Damn Plane has...!! Well, you know the rest, so check this out.................
This week it has emerged that a major security flaw at the heart of the internet may have been exposing users' personal information and passwords to hackers for the past two years. It is not known how widely the bug has been exploited, if at all, but what is clear is that it is one of the biggest security issues to have faced the internet to date. Security expert Bruce Schneier described it as "catastrophic". "On the scale of one to 10, this is an 11."
The BBC has attempted to round up everything you need to know about Heartbleed.
We're fucked! - http://www.bbc.com/news/technology-26969629
Yes but wait for them to let the dust settle.
The BBC set about scare mongering and telling everyone to change all their passwords. Not allowing for "all" the sites to apply a patch first, which means if you followed the herd and did change all your passwords you have probably (and advisably) to go back and change them again once each site tells you they have fixed the problem.
Quote from: meekon5 on April 11, 2014, 07:48:39 AM
Yes but wait for them to let the dust settle.
The BBC set about scare mongering and telling everyone to change all their passwords. Not allowing for "all" the sites to apply a patch first, which means if you followed the herd and did change all your passwords you have probably (and advisably) to go back and change them again once each site tells you they have fixed the problem.
[Image: Facebook "Like" button]
Heartbleed certainly caused mayhem at work. That, plus a security audit coming up on 2 of my servers, I'm ready for a fucking holiday.
Quote from: Hominid on April 11, 2014, 08:31:39 PM
Heartbleed certainly caused mayhem at work. That, plus a security audit coming up on 2 of my servers, I'm ready for a fucking holiday.
Sounds like your company needed to take out a piece on the lane, H dude!
I felt like getting a piece out myself! After the audit's done, I'll need some crazy time to cut loose. Lebowski Fest fits the bill, except for the plane fare... *sigh*.. Beer will have to do. ;-)
Quote from: Hominid on April 11, 2014, 08:50:42 PM
I felt like getting a piece out myself! After the audit's done, I'll need some crazy time to cut loose. Lebowski Fest fits the bill, except for the plane fare... *sigh*.. Beer will have to do. ;-)
BEER! ;D
Nectar of the gods... I'm making some awesome American IPAs of late. A SMaSH ale with great flavor; next up is an Irish red ale. Mm mmm...
Quote from: Hominid on April 11, 2014, 10:28:20 PM
Nectar of the gods... I'm making some awesome American IPAs of late. A SMaSH ale with great flavor; next up is an Irish red ale. Mm mmm...
;D
I'm sceptical about computer viruses, trojans and suchlike jive. The only people who stand to gain from them are the anti-virus software pushers.
It's like what Lenin said... you look for the person who will benefit, and, uh, uh...
I am the walrus.
Etc.
Quote from: Stumblin Stumbleweed on April 12, 2014, 06:46:08 AM
I'm sceptical about computer viruses, trojans and suchlike jive. The only people who stand to gain from them are the anti-virus software pushers.
It's like what Lenin said... you look for the person who will benefit, and, uh, uh...
I am the walrus.
Etc.
Fuckin' eh!
Quote from: Stumblin Stumbleweed on April 12, 2014, 06:46:08 AM
I'm sceptical about computer viruses, trojans and suchlike jive. The only people who stand to gain from them are the anti-virus software pushers.
It's like what Lenin said... you look for the person who will benefit, and, uh, uh...
I am the walrus.
Etc.
Yes, there's that... but if you knew the black hat community at all, you'd know they use exploits such as Heartbleed to acquire and sell personal data on the black market... it's a daily occurrence. There's more of that going on than companies who get hacked are willing to admit. Soon after such a vulnerability is discovered, the talented hackers write sophisticated tools for the less talented script kiddies to use to break into said systems and wreak havoc. They cost the industry billions a year.
So, it's not JUST for the benefit of McAfee et al...
Was just reading this......
http://www.bbc.com/news/technology-26985818
It'll be interesting to see how the dust settles on this one. Like M5 said, changing your password is only good *after* your service provider has patched their OpenSSL software.
Quote from: Hominid on April 12, 2014, 10:27:03 PM
It'll be interesting to see how the dust settles on this one. Like M5 said, changing your password is only good *after* your service provider has patched their OpenSSL software.
In the meantime; fuck it, let's get us a lane. 8)
"Gary, two oat sodas!!!"
Quote from: Hominid on April 13, 2014, 11:22:58 AM
"Gary, two oat sodas!!!"
;D
FYI
7 Heartbleed Myths Debunked (http://readwrite.com/2014/04/14/heartbleed-myths-debunked-fact-fiction?utm_source=ReadWrite+Newsletters&utm_medium=email&utm_campaign=cadab4b3ff-RWWDailyNewsletter&utm_term=0_9fbeb5d667-cadab4b3ff-201304417#awesm=~oBpusPz85K2kY3).
and
What You Need To Know About Heartbleed, A Really Major Bug That Short-Circuits Web Security (http://readwrite.com/2014/04/08/heartbleed-openssl-bug-cryptography-web-security#awesm=~oBpxyAE9EKHgLR).
I do like ReadWrite.com (http://readwrite.com).
Quote from: meekon5 on April 11, 2014, 07:48:39 AM
Yes but wait for them to let the dust settle.
The BBC set about scare mongering and telling everyone to change all their passwords. Not allowing for "all" the sites to apply a patch first, which means if you followed the herd and did change all your passwords you have probably (and advisably) to go back and change them again once each site tells you they have fixed the problem.
At the moment I only have two sites that have asked me to change my password, Pinterest, and Issu.
As Hominid mentioned:
Quote from: Hominid on April 12, 2014, 10:27:03 PM
...*after* your service provider has patched their OpenSSL software.
it's only sites using OpenSSL that are affected.
But I am King of the Anal Retentives and have different passwords for different sites all fifteen characters (plus) long with numbers and non-alphanumerics in them. I have a special spreadsheet that runs them up for me by a set of random processes.
It's not just a patch that's required - the SSL certificates need to be replaced on affected sites as well. If you reset your password over an SSL connection that's potentially compromised, you aren't really safe. 95% of the misinformation about Heartbleed being passed around is based on this omission.
After a week of this bullshit I'm just about ready to throw in the towel. My major accounts are safe, so I'm ready to just say "Fuck it." and walk out the door.
I was going to come here and ask about this board, but I don't see SSL anywhere. The casualness here is quite impressive!
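The ordering argued in the posts above (patch first, then a replaced certificate, then the password change) written out as a check; this is an added example, not code from any poster. The `patched` flag, the `advice` function and the sample certificate dates are assumptions made for illustration, and the disclosure date is not given in the thread.

```python
import socket
import ssl
from datetime import datetime, timezone

# Heartbleed was publicly disclosed on 7 April 2014 (date not given in the thread).
DISCLOSED = datetime(2014, 4, 7, tzinfo=timezone.utc)


def fetch_cert(host, port=443):
    """Return the server certificate as the dict produced by getpeercert()."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def issued_at(cert):
    """Parse the certificate's notBefore field into an aware UTC datetime."""
    seconds = ssl.cert_time_to_seconds(cert["notBefore"])
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def advice(patched, cert, password_changed_at=None):
    """patched: hypothetical flag taken from the site's own announcement."""
    if not patched:
        return "wait: server not patched"
    cert_issued = issued_at(cert)
    # Heuristic only: a post-disclosure notBefore shows the certificate was
    # reissued, not that a new private key was generated for it.
    if cert_issued < DISCLOSED:
        return "wait: certificate predates disclosure"
    if password_changed_at is None:
        return "change password"
    if password_changed_at < cert_issued:
        return "change password again"
    return "ok"


# Constructed sample certificates (only the field used here).
OLD_CERT = {"notBefore": "Mar 12 00:00:00 2013 GMT"}
NEW_CERT = {"notBefore": "Apr 15 12:00:00 2014 GMT"}

if __name__ == "__main__":
    early_change = datetime(2014, 4, 11, tzinfo=timezone.utc)
    print(advice(False, NEW_CERT))
    print(advice(True, OLD_CERT))
    print(advice(True, NEW_CERT, early_change))
```

For a live site, pass `fetch_cert("example.org")` as the `cert` argument.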
I haven't read into it but I thought this was only affecting XP users?
Quote from: milnie on April 14, 2014, 02:41:50 PM
I haven't read into it but I thought this was only affecting XP users?
OpenSSL is an encryption protocol that 3/4 of the internet uses... financial institutions, ISPs, etc. When you go to a "secure" website, well, guess what - they found out it wasn't!
But pornhub is still safe, right ;)
Send me your account info and I'll let you know.
You mean you haven't got it already.
Your response should be:
I will send you your account details.
Please open this link:
....
;D
One step ahead of me!
You almost had me there ;0
Good porn here
http://youtu.be/dQw4w9WgXcQ
Why does anyone need anyone else's porn login? Who still uses porn logins? Who still pays for porn?
I'm confused - is this 1998? Did I fall asleep in a time machine?
Quote from: Yeti on April 16, 2014, 03:12:02 AM
Why does anyone need anyone else's porn login? Who still uses porn logins? Who still pays for porn?
I'm confused - is this 1998? Did I fall asleep in a time machine?
In the world of the lazy end user you can almost guarantee that their "Porn Login" is the same password (and probably user name) as some of their other accounts so you just do a simple search across some web sites (e-mail and IP give some very interesting results) and can get into all sorts of things.
;D
BTW, for anyone wondering about the link I posted, look up "Rick Rolled". If you're older than dirt (in Internet years) you'll remember it.
They're calling the Cops, man!
Heartbleed hack case sees first arrest in Canada
A 19-year-old Canadian became the first person to be arrested in relation to the Heartbleed security breach. Stephen Arthuro Solis-Reyes from London, Ontario was accused of hacking into the Canadian Revenue Agency (CRA)'s website last Friday by the Royal Canadian Mounted Police. The RCMP say Mr Solis-Reyes then stole 900 social insurance numbers.
In a separate development, UK parenting site Mumsnet has provided fresh details about how it fell victim to the bug. The site has published a post explaining how a hacker hijacked several accounts last week - including one belonging to Mumsnet's founder Justine Roberts - after exploiting the cryptology flaw to expose the owners' credentials.
The boys in the crime lab were working in shifts - http://www.bbc.com/news/technology-27058143