Heartbleed OpenSSL issue - Dorkiphus.net

  #1  
04-09-2014, 07:07 AM
ruffyz
@porschesideways

Join Date: Apr 2010
Location: Tysons Corner VA
Posts: 500
Heartbleed OpenSSL issue

I don't know if everyone has heard, but there is a major issue with many websites that could allow your password or account info to be revealed.

Jazz, do we need to do anything for the dorki website? OpenSSL versions 1.01 are vulnerable up to 1.01f
  #2  
04-09-2014, 08:35 AM
joep

Join Date: Jun 2008
Location: PW county Virginia
Posts: 2,549

You can read more about this issue here: http://heartbleed.com/
And the official details here: https://www.us-cert.gov/ncas/alerts/TA14-098A

This is a serious problem with Internet security, and everyone should take some precautionary steps, but the damage is done and now we can only move forward.

Chances are you and I don't need to do anything for our dorkiphus accounts until after Jazz reports back on the status of the web hosting. Not all installations of those versions listed above are affected, but they MAY BE. If that turns out to be the case, then only after a new SSL cert is set up will it matter that you've changed your login password.

Many more systems are still running other versions which aren't impacted at all.

If you deal with an affected website/service, any data ever intercepted and stored is potentially at risk forever and out of your control. For this reason DO change all of your account passwords on banking, financial, Dating/Porn and whatever sites you truly care about. But make sure they've also replaced their at-risk private keys and what-not or else this step does you no good yet.

Jazz will correct me if I'm wrong, but I don't believe dorki uses SSL at all even for authentication? If that were the case, well then carry on!

In the grand scheme of things I doubt anyone is looking to monitor the dorki community and steal our secrets. Although I wouldn't put it past those meddling Rennlisters.... And do use a different password here and everywhere else.
__________________
Ken
'03 - boxster - Joy Toy
-rolling convertible action
-de-ambered
-Boxster Brey-Krause Roll Bar
'05 - 955s Gold - My Other / On Road / Off Road
-coolant pipe by pass 08/11
-heart & short soul block replaced @50k 01/12
-cardan shafted & replaced @125k 09/16

Quote:
Originally Posted by BlackTalon View Post
I could feel my self-esteem rising, even while realizing how incorrect I was
Quote:
Originally Posted by Rick V View Post
I think I like the purple, it placates my lesbian side.
  #3  
04-10-2014, 12:37 AM
Lupin..the..3rd
tire walls are bouncy

Join Date: Oct 2005
Location: Arlington, VA
Posts: 5,748

I don't think Dorkiphus login uses SSL. Notice absence of https in the URL while logging in.
__________________
George
2004 BMW 325iT
1998 MB E300 turbo
Vindaloo Racing FTW!!
944's are fun

When the Wright brothers set out to create a flying machine, Science told them it was impossible.

Last edited by Lupin..the..3rd; 04-10-2014 at 01:31 AM.
  #4  
04-10-2014, 08:54 AM
N0tt0N

Join Date: Sep 2013
Location: DC
Posts: 4,741
N0tt0N has five HoF threads

No SSL! You mean people can see everything you type! I expect a sea change in tone now. Folks will be respectful, supportive, and caring. SSL leads directly to bullying and should be banned - a tool of the devil - like water-cooled engines.
__________________
Martin
2011 Cayman S (Gone) - Hardtop Blechster
2006 Cayman S (DD)
2016 Mazda CX-5 (Her DD)
2002 Boxster S (Gone) - Ragtop Blechster - Pura Patina!

Dorkiphus: I buy it for the articles
  #5  
04-10-2014, 09:42 AM
Fritz
Addict

Join Date: Mar 2008
Location: Rural DC
Posts: 1,953
Fritz has one HoF thread

Quote:
Originally Posted by Lupin..the..3rd View Post
I don't think Dorkiphus login uses SSL. Notice absence of https in the URL while logging in.
Yep, just like many social sites. It is highly recommended that you have separate passwords for critical accounts like your bank, mortgage, and insurance so that when your identity is compromised there is less impact to your long term standings.

FYI, your identity is compromised. It was probably compromised three times this morning. It's a bigger issue than you think, but not much you can do about it since it is a larger problem than any individual and most Fortune 100 organizations can deal with. Use two factor authentication where you can, change your passwords, and keep up on your financial statements and credit reports. It's just the new way to live so you should probably get used to it.
  #6  
04-11-2014, 10:46 AM
BobNovas

Join Date: Dec 2003
Location: Rockville, MD
Posts: 1,475

http://xkcd.com/1354/
__________________
88 911
00 Boxster S (wife's ride, becoming mine too)

Even duct tape can't fix stupid... but it can muffle the sound!
  #7  
04-11-2014, 11:14 AM
Jazzbass
Site Admin

Join Date: Feb 2003
Location: Germantown, MD
Posts: 11,814
Jazzbass has eight HoF threads

So, like Lupin said we don't use SSL, so the heartbleed issue doesn't affect us. In fact we don't even have an SSL certificate. The only thing secure on Dorki is your password, so like Fritz said, this password should be one very different than you use for *real* things like your bank account, PayPal, etc.

None of the sponsor stuff is integrated into the board for this reason - I didn't want Dorki to have to be responsible for credit card numbers, paypal info, etc. All sponsor payments are done either via check or 100% through PayPal's website. PayPal has a little more time and money to spend on security than I do.
__________________
Chris M
1985 911 Carrera with a couple cosmetic only mods
2006 E90 330i
1999 E46 328i
  #8  
04-11-2014, 11:17 AM
vranko

Join Date: Oct 2010
Location: Mclean, VA
Posts: 2,319
vranko has one HoF thread

^ Love it. Thanks for posting Bob.
__________________
John V

2024 BMW G87 ///M2 (Next 444)
2021 Toyota Supra GR (The Bupra, Other 444)
2016 BMW M235
2015 Porsche Cayenne Diesel
2007 Cayman S, #444
2013 Golf R
2012 BMW x5
2017 Mazda MX-5 Club
3 time DE Parade Lap Champion
#BestInstructorEver - Unknown