July 23, 2024, 05:52:04 am

The Gang Garrison 2 Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

NOTICE: Wondering where all the forums have gone?

Join the community Discord server!

Pages: [1] 2

Author Topic: On the heartbleed security bug  (Read 9716 times)

MedO

  • Owns this place
  • *****
  • Karma: 151
  • Offline Offline
  • Posts: 1752
On the heartbleed security bug
« on: April 10, 2014, 05:52:29 pm »

Hi everyone. This is a short public service announcement regarding the recently discovered Heartbleed security bug. Basically, the bug allows any attacker in no special position at all to eavesdrop on random parts of random https connections. A large number of internet services were affected, and if you e.g. logged into one of them recently, an attacker might have eavesdropped on your login and password.

It's not known if any services have been attacked like this and by whom, but it's likely that it happened at least in some places after the bug was published a few days ago. So, best change your passwords everywhere. Yaaay!

However, I can assure you that your forum account is safe from this bug, because we don't use https. That's right, we don't encrypt your connection, so your password is safe! Except from that neighbor in your WiFi network. Or your ISP. Or the intelligence services. Basically, anyone who could directly see the data flow between your PC and ganggarrison.com. But ironic as it is, that might still be more secure than a Heartbleed-affected https, because that can leak your password to an attacker anywhere on the internet.

Since we outsourced our website to Shutter Research, I'd like to pass on the press statement of their CEO:
Quote from: Den Thomson
We here at Shutter Research don't believe in all that security junk. We just put our code chimps in cages and call it a day. Looks like it saved our trousers this time!
« Last Edit: April 10, 2014, 05:53:30 pm by MedO »
Logged
Quote from: Alfred North Whitehead
It is the business of the future to be dangerous; and it is among the merits of science that it equips the future for its duties.

Quote from: John Carmack
[...] if you have a large enough codebase, any class of error that is syntactically legal probably exists there.

Phantom Brave

  • All Hail Classicwell
  • Designer
  • *****
  • Karma: 70
  • Offline Offline
  • Posts: 12532
  • Another one --
Re: On the heartbleed security bug
« Reply #1 on: April 10, 2014, 06:25:58 pm »

Steam was attacked by some anonymous people who defaced the name of the new South Park game by hijacking a dev's account or something.
Logged

http://steamcommunity.com/id/wareya/
ladies and gentlemen i would like to announce that the fact of the matter is up that the fact of the matter is a fact and it matters

MedO

  • Owns this place
  • *****
  • Karma: 151
  • Offline Offline
  • Posts: 1752
Re: On the heartbleed security bug
« Reply #2 on: April 11, 2014, 02:08:31 am »

Today's XKCD comic has an easy to understand explanation of how it works: http://xkcd.com/1354/
Logged
Quote from: Alfred North Whitehead
It is the business of the future to be dangerous; and it is among the merits of science that it equips the future for its duties.

Quote from: John Carmack
[...] if you have a large enough codebase, any class of error that is syntactically legal probably exists there.

notarctic

  • just arctic, what gives?
  • ******
  • Karma: 8
  • Offline Offline
  • Posts: 4888
  • 👎👀 bad aim ba̷̶ ԁ aIm 👎 thats❌ some bad 👎👎aim
Re: On the heartbleed security bug
« Reply #3 on: April 11, 2014, 02:11:58 am »

lol god damn I was gonna post that
Logged
[1:37:51 PM] Derpduck: arctic u need to quote ppl that make shit posts in case they edit them
[4:20:15 PM] Rubeus Hashgrid: i cant discover anything fuck you imageshack

Phantom Brave

  • All Hail Classicwell
  • Designer
  • *****
  • Karma: 70
  • Offline Offline
  • Posts: 12532
  • Another one --
Re: On the heartbleed security bug
« Reply #4 on: April 11, 2014, 06:47:09 am »

<A:CHANGE YOUR EMAIL/STE_M PWORDS>
9:44 PM - jimm: no
11:09 PM - jimm: http://i.imgur.com/6Up52fC.png
11:09 PM - jimm: maybe I will actually
Logged

http://steamcommunity.com/id/wareya/
ladies and gentlemen i would like to announce that the fact of the matter is up that the fact of the matter is a fact and it matters

Venomous

  • Heroic Member
  • ****
  • Karma: 1
  • Offline Offline
  • Posts: 655
  • Monoculus Whisperer
Re: On the heartbleed security bug
« Reply #5 on: April 11, 2014, 03:15:06 pm »

If you use the Remember Me function on vulnerable sites, are you safe because the eavesdroppers cant see you logging in?
Logged

Phantom Brave

  • All Hail Classicwell
  • Designer
  • *****
  • Karma: 70
  • Offline Offline
  • Posts: 12532
  • Another one --
Re: On the heartbleed security bug
« Reply #6 on: April 11, 2014, 05:33:05 pm »

you'd have to do it over two years ago and keep the same login session
but then make a new session after it's fixed
Logged

http://steamcommunity.com/id/wareya/
ladies and gentlemen i would like to announce that the fact of the matter is up that the fact of the matter is a fact and it matters

notarctic

  • just arctic, what gives?
  • ******
  • Karma: 8
  • Offline Offline
  • Posts: 4888
  • 👎👀 bad aim ba̷̶ ԁ aIm 👎 thats❌ some bad 👎👎aim
Re: On the heartbleed security bug
« Reply #7 on: April 14, 2014, 01:04:58 am »

Logged
[1:37:51 PM] Derpduck: arctic u need to quote ppl that make shit posts in case they edit them
[4:20:15 PM] Rubeus Hashgrid: i cant discover anything fuck you imageshack

Phantom Brave

  • All Hail Classicwell
  • Designer
  • *****
  • Karma: 70
  • Offline Offline
  • Posts: 12532
  • Another one --
Re: On the heartbleed security bug
« Reply #8 on: April 14, 2014, 09:45:26 am »

Today's XKCD comic has an easy to understand explanation of how it works: http://xkcd.com/1354/
Logged

http://steamcommunity.com/id/wareya/
ladies and gentlemen i would like to announce that the fact of the matter is up that the fact of the matter is a fact and it matters

Catman

  • The Argumental
  • Veteran Member
  • ******
  • Karma: 18
  • Offline Offline
  • Posts: 4049
  • Take on me
    • Yuki Yuki Yuki
Re: On the heartbleed security bug
« Reply #9 on: April 14, 2014, 10:04:22 am »

And he even posted about it already. You ok Arctic?
lol god damn I was gonna post that
Logged
My style is the best...
...so I challenge you!

Intel Guard

  • GG2 Commentator
  • Retired Goja Warrior
  • ******
  • Karma: 44
  • Offline Offline
  • Posts: 8482
  • the s*x number
Re: On the heartbleed security bug
« Reply #10 on: April 14, 2014, 01:19:13 pm »

damn, xkcd has become even more humorless
Logged
I've been listening to a bit of Green Day recently (past 2 months actually). Really raises the level of "fuckethesystem" in me.  :z5:
"god is dead."♫♫♫

Danikah

  • Guest
Re: On the heartbleed security bug
« Reply #11 on: April 14, 2014, 01:27:58 pm »

damn, xkcd has become even more humorless
You assume it had humour before. I honestly don't understand what people love about it.
Logged

\esc144aAroundTheWorld\esca

  • stinkier foot
  • ****
  • Karma: 3
  • Offline Offline
  • Posts: 2749
Re: On the heartbleed security bug
« Reply #12 on: April 14, 2014, 02:25:26 pm »

Who's that guy supposed to be anyways? He hasn't got enough pimples to be a hacker...
Logged

Alma Elma

  • BEWARE, I'M ON MY PERIOD
  • *
  • Karma: 14
  • Offline Offline
  • Posts: 3652
  • hhhhhhhhhhhhh
    • Steam Community Profile
Re: On the heartbleed security bug
« Reply #13 on: April 14, 2014, 02:26:58 pm »

damn, xkcd has become even more humorless
You assume it had humour before. I honestly don't understand what people love about it.
It makes pseudo intellectuals feel smart for getting the "joke"
Logged

I've got the Joy, the Joy deep in my heart. Joy, Joy, Joy.
Do you?

Phantom Brave

  • All Hail Classicwell
  • Designer
  • *****
  • Karma: 70
  • Offline Offline
  • Posts: 12532
  • Another one --
Re: On the heartbleed security bug
« Reply #14 on: April 14, 2014, 03:58:43 pm »

all filler no killer
Logged

http://steamcommunity.com/id/wareya/
ladies and gentlemen i would like to announce that the fact of the matter is up that the fact of the matter is a fact and it matters
Pages: [1] 2
 

Page created in 0.052 seconds with 35 queries.