My Community

Dudeist Art => Technology => Topic started by: DigitalBuddha on April 10, 2014, 09:02:43 PM

Title: The God Damn Plane has...!!
Post by: DigitalBuddha on April 10, 2014, 09:02:43 PM
The God Damn Plane has...!! Well, you know the rest, so check this out.................

This week it has emerged that a major security flaw at the heart of the internet may have been exposing users' personal information and passwords to hackers for the past two years. It is not known how widely the bug has been exploited, if at all, but what is clear is that it is one of the biggest security issues to have faced the internet to date. Security expert Brue Schneier described it as "catastrophic". "On the scale of one to 10, this is an 11."

The BBC has attempted to round up everything you need to know about Heartbleed.

We're fucked! -
http://www.bbc.com/news/technology-26969629 (http://www.bbc.com/news/technology-26969629)

(http://news.bbcimg.co.uk/media/images/74156000/gif/_74156496_heartmonitor.gif)
Title: Re: The God Damn Plane has...!!
Post by: meekon5 on April 11, 2014, 07:48:39 AM
Yes but wait for them  to let the dust settle.


The BBC set about scare mongering and telling everyone to change all their passwords. Not allowing for "all" the sites to apply a patch first, which means if you followed the herd and did change all your passwords you have probably (and advisably) to go back and change them again once each site tells you they have fixed the problem.
Title: Re: The God Damn Plane has...!!
Post by: DigitalBuddha on April 11, 2014, 07:53:47 AM
Yes but wait for them  to let the dust settle.


The BBC set about scare mongering and telling everyone to change all their passwords. Not allowing for "all" the sites to apply a patch first, which means if you followed the herd and did change all your passwords you have probably (and advisably) to go back and change them again once each site tells you they have fixed the problem.

(http://www.jonathandoctor.net/images/facebook_like_button_big-small.jpg)
Title: Re: The God Damn Plane has...!!
Post by: Hominid on April 11, 2014, 08:31:39 PM
Heartbleed certainly caused mayhem at work.  That, plus a security audit coming up on 2 of my servers, I'm ready for a fucking holiday.
Title: Re: The God Damn Plane has...!!
Post by: DigitalBuddha on April 11, 2014, 08:36:09 PM
Heartbleed certainly caused mayhem at work.  That, plus a security audit coming up on 2 of my servers, I'm ready for a fucking holiday.

Sounds like your company needed to take out a piece on the lane, H dude!
Title: Re: The God Damn Plane has...!!
Post by: Hominid on April 11, 2014, 08:50:42 PM
I felt like getting a piece out myself!  After the audit's done, I'll need some crazy time to cut loose.  Lebowski Fest fits the bill, except for the plane fare...  *sigh*.. Beer will have to do.  ;-)
Title: Re: The God Damn Plane has...!!
Post by: DigitalBuddha on April 11, 2014, 09:30:05 PM
I felt like getting a piece out myself!  After the audit's done, I'll need some crazy time to cut loose.  Lebowski Fest fits the bill, except for the plane fare...  *sigh*.. Beer will have to do.  ;-)

BEER! ;D(http://dudeism.com/smf/Themes/default/images/post/thumbup.gif)
Title: Re: The God Damn Plane has...!!
Post by: Hominid on April 11, 2014, 10:28:20 PM
Nectar of the gods...  I'm making some awesome American IPAs of late.  A SMaSH ale with great flavor; next up is an Irish red ale.  Mm mmm...
Title: Re: The God Damn Plane has...!!
Post by: DigitalBuddha on April 12, 2014, 04:27:47 AM
Nectar of the gods...  I'm making some awesome American IPAs of late.  A SMaSH ale with great flavor; next up is an Irish red ale.  Mm mmm...

;D(http://dudeism.com/smf/Themes/default/images/post/thumbup.gif)
Title: Re: The God Damn Plane has...!!
Post by: Stumblin Stumbleweed on April 12, 2014, 06:46:08 AM
I'm sceptical about computer viruses, trojans and suchlike jive. The only people who stand to gain from them are the anti-virus software pushers.
It's like what Lenin said... you look for the person who will benefit, and, uh, uh...
I am the walrus.
Etc.
Title: Re: The God Damn Plane has...!!
Post by: DigitalBuddha on April 12, 2014, 07:11:42 AM
I'm sceptical about computer viruses, trojans and suchlike jive. The only people who stand to gain from them are the anti-virus software pushers.
It's like what Lenin said... you look for the person who will benefit, and, uh, uh...
I am the walrus.
Etc.

Fuckin' eh!
Title: Re: The God Damn Plane has...!!
Post by: Hominid on April 12, 2014, 08:03:34 AM
I'm sceptical about computer viruses, trojans and suchlike jive. The only people who stand to gain from them are the anti-virus software pushers.
It's like what Lenin said... you look for the person who will benefit, and, uh, uh...
I am the walrus.
Etc.

Yes, there's that... but if you knew the black hat community at all, you'd know they use exploits such as Heartbleed to acquire and sell personal data on the black market... it's a daily occurrence.  There's more of that going on than companies who get hacked are willing to admit.  Soon after such a vulnerability is discovered, the talented hackers write sophisticated tools for the less talented script kiddies to use to break into said systems and wreak havoc.  They cost the industry billions a year.

So, it's not JUST for the benefit of MacAfee et al...
Title: Re: The God Damn Plane has...!!
Post by: DigitalBuddha on April 12, 2014, 09:29:55 PM
Was just reading this......

http://www.bbc.com/news/technology-26985818 (http://www.bbc.com/news/technology-26985818)
Title: Re: The God Damn Plane has...!!
Post by: Hominid on April 12, 2014, 10:27:03 PM
It'll be interesting to see how the dust settles on this one.  Like M5 said, changing your password is only good *after* your service provider has patched their OpenSSL software.
Title: Re: The God Damn Plane has...!!
Post by: DigitalBuddha on April 13, 2014, 01:22:13 AM
It'll be interesting to see how the dust settles on this one.  Like M5 said, changing your password is only good *after* your service provider has patched their OpenSSL software.

In the meantime; fuck it, let's get us a lane. 8)
Title: Re: The God Damn Plane has...!!
Post by: Hominid on April 13, 2014, 11:22:58 AM
"Gary, two oat soda's!!!"
Title: Re: The God Damn Plane has...!!
Post by: DigitalBuddha on April 13, 2014, 08:14:25 PM
"Gary, two oat soda's!!!"

;D(http://dudeism.com/smf/Themes/default/images/post/thumbup.gif)
Title: Re: The God Damn Plane has...!!
Post by: meekon5 on April 14, 2014, 08:42:28 AM
FYI

7 Heartbleed Myths Debunked (http://readwrite.com/2014/04/14/heartbleed-myths-debunked-fact-fiction?utm_source=ReadWrite+Newsletters&utm_medium=email&utm_campaign=cadab4b3ff-RWWDailyNewsletter&utm_term=0_9fbeb5d667-cadab4b3ff-201304417#awesm=~oBpusPz85K2kY3).

and

What You Need To Know About Heartbleed, A Really Major Bug That Short-Circuits Web Security (http://readwrite.com/2014/04/08/heartbleed-openssl-bug-cryptography-web-security#awesm=~oBpxyAE9EKHgLR).

I do like ReadWrite.com (http://readwrite.com).

Title: Re: The God Damn Plane has...!!
Post by: meekon5 on April 14, 2014, 09:02:32 AM
Yes but wait for them  to let the dust settle.


The BBC set about scare mongering and telling everyone to change all their passwords. Not allowing for "all" the sites to apply a patch first, which means if you followed the herd and did change all your passwords you have probably (and advisably) to go back and change them again once each site tells you they have fixed the problem.

At the moment I only have two sites that have asked me to change my password, Pinterest, and Issu.

As Hominid mentioned:

...*after* your service provider has patched their OpenSSL software.

 it's only sites using OpenSSL that are effected.

But I am King of the Anal Retentives and have different passwords for different sites all fifteen characters (plus) long with numbers and none alphanumerics in them. I have a special spreadsheet that runs them up for me by a set of random processes.
Title: Re: The God Damn Plane has...!!
Post by: Yeti on April 14, 2014, 12:48:53 PM
It's not just a patch that's required - the SSL certificates need to be replaced on affected sites as well. If you reset your password over an SSL connection that's potentially compromised, you aren't really safe. 95% of the misinformation about heartbleed being passed around is based on this omission.

After a week of this bullshit I'm just about ready to throw in the towel. My major accounts are safe, so I'm ready to just say "Fuck it." and walk out the door.

I was going to come here and ask about this board, but I don't see SSL anywhere. The casualness here is quite impressive!
Title: Re: The God Damn Plane has...!!
Post by: milnie on April 14, 2014, 02:41:50 PM
I haven't read into it but I thought this was only affecting xp users ?
Title: Re: The God Damn Plane has...!!
Post by: Hominid on April 14, 2014, 03:25:44 PM
I haven't read into it but I thought this was only affecting xp users ?

OpenSSL is an encryption protocol that 3/4 of the internet uses... financial institutions, ISPs, etc.  When you go to a "secure" website, well, guess what - they found out it wasn't! 
Title: Re: The God Damn Plane has...!!
Post by: milnie on April 15, 2014, 11:30:37 AM
But pornhub is still safe, right ;)
Title: Re: The God Damn Plane has...!!
Post by: Hominid on April 15, 2014, 12:52:44 PM
Send me your account info and I'll let you know.
Title: Re: The God Damn Plane has...!!
Post by: meekon5 on April 15, 2014, 01:10:31 PM
You mean you haven't got it already.

Your response should be:

I will send you your account details.

Please open this link:

....


;D
Title: Re: The God Damn Plane has...!!
Post by: Hominid on April 15, 2014, 04:36:40 PM
One step ahead of me!
Title: Re: The God Damn Plane has...!!
Post by: milnie on April 15, 2014, 05:16:19 PM
You almost had me there ;0
Title: Re: The God Damn Plane has...!!
Post by: jdurand on April 16, 2014, 12:53:45 AM
Good porn here
http://youtu.be/dQw4w9WgXcQ (http://youtu.be/dQw4w9WgXcQ)
Title: Re: The God Damn Plane has...!!
Post by: Yeti on April 16, 2014, 03:12:02 AM
Why does anyone need anyone else's porn login? Who still uses porn logins? Who still pays for porn?

I'm confused - is this 1998? Did I fall asleep in a time machine?
Title: Re: The God Damn Plane has...!!
Post by: meekon5 on April 16, 2014, 07:19:01 AM
Why does anyone need anyone else's porn login? Who still uses porn logins? Who still pays for porn?

I'm confused - is this 1998? Did I fall asleep in a time machine?

In the world of the lazy end user you can almost guarantee that their "Porn Login" is the same password (and probably user name) as some of their other accounts so you just  do a simple search across some web sites (e-mail and IP give some very interesting results) and can get into all sorts of things.

;D
Title: Re: The God Damn Plane has...!!
Post by: jdurand on April 16, 2014, 03:45:28 PM
BTW, for anyone wondering about the link I posted, look up "Rick Rolled".  If you're older than dirt (in Internet years) you'll remember it.
Title: Re: The God Damn Plane has...!!
Post by: DigitalBuddha on April 17, 2014, 02:41:39 AM
They're calling the Cops, man!

Heartbleed hack case sees first arrest in Canada

(http://img2-cdn.newser.com/square-image/185473-20140416173405/canada-arrests-teen-in-heartbleed-hack.jpeg)

A 19-year-old Canadian became the first person to be arrested in relation to the Heartbleed security breach. Stephen Arthuro Solis-Reyes from London, Ontario was accused of hacking into the Canadian Revenue Agency (CRA)'s website last Friday by the Royal Canadian Mounted Police. The RCMP say Mr Solis-Reyes then stole 900 social insurance numbers.

In a separate development, UK parenting site Mumsnet has provided fresh details about how it fell victim to the bug. The site has published a post explaining how a hacker hijacked several accounts last week - including one belonging to Mumsnet's founder Justine Roberts - after exploiting the cryptology flaw to expose the owners' credentials.

The boys in the crime lab were working in shifts - http://www.bbc.com/news/technology-27058143 (http://www.bbc.com/news/technology-27058143)
Title: Re: The God Damn Plane has...!!
Post by: jdurand on April 17, 2014, 02:54:40 PM
(http://asset-0.soup.io/asset/7112/4134_06ef_500.jpeg)