#1
Heartbleed OpenSSL issue
I don't know if everyone has heard, but there is a major issue with many websites that could allow your password or account info to be revealed.
Jazz, do we need to do anything for the dorki website? OpenSSL versions 1.01 are vulnerable up to 1.01f
#2
You can read more about this issue here: http://heartbleed.com/
And the official details here: https://www.us-cert.gov/ncas/alerts/TA14-098A
This is a serious problem with Internet security, and everyone should take some precautionary steps, but the damage is done and now we can only move forward.
Chances are you and I don't need to do anything for our dorkiphus accounts until after Jazz reports back on the status of the web hosting. Not all installations of those versions listed above are affected, but they MAY BE. If that turns out to be the case, then only after a new SSL cert is set up will it matter that you've changed your login password. Many more systems are still running other versions which aren't impacted at all.
If you deal with an affected website/service, any data ever intercepted and stored is potentially at risk forever and out of your control. For this reason DO change all of your account passwords on banking, financial, Dating/Porn and whatever sites you truly care about. But make sure they've also replaced their at-risk private keys and what-not or else this step does you no good yet.
Jazz will correct me if I'm wrong, but I don't believe dorki uses SSL at all even for authentication? If that were the case, well then carry on! In the grand scheme of things I doubt anyone is looking to monitor the dorki community and steal our secrets. Although I wouldn't put it past those meddling Rennlisters....
And do use a different password here and everywhere else.
__________________
Ken '03 - boxster - Joy Toy -rolling convertible action -de-ambered -Boxster Brey-Krause Roll Bar '05 - 955s Gold - My Other / On Road / Off Road -coolant pipe by pass 08/11 -heart & short soul block replaced @50k 01/12 -cardan shafted & replaced @125k 09/16
#3
I don't think Dorkiphus login uses SSL. Notice absence of https in the URL while logging in.
__________________
George 2004 BMW 325iT 1998 MB E300 turbo Vindaloo Racing FTW!! 944's are fun When the Wright brothers set out to create a flying machine, Science told them it was impossible.
Last edited by Lupin..the..3rd; 04-10-2014 at 01:31 AM.
#4
No SSL! You mean people can see everything you type! I expect a sea change in tone now. Folks will be respectful, supportive, and caring. SSL leads directly to bullying and should be banned - a tool of the devil - like water-cooled engines.
__________________
Martin 2011 Cayman S (Gone) - Hardtop Blechster 2006 Cayman S (DD) 2016 Mazda CX-5 (Her DD) 2002 Boxster S (Gone) - Ragtop Blechster - Pura Patina! Dorkiphus: I buy it for the articles
#5
FYI, your identity is compromised. It was probably compromised three times this morning. It's a bigger issue than you think, but not much you can do about it since it is a larger problem than any individual and most Fortune 100 organizations can deal with. Use two-factor authentication where you can, change your passwords, and keep up on your financial statements and credit reports. It's just the new way to live so you should probably get used to it.
__________________
-Fritz '93 C2 Cabriolet - That cool Amazon Blue-Green Metallic color '70 911T, sorta - '70 Chassis, '77 shortnose, 3.0L CIS engine, and SC fenders
#6
__________________
88 911 00 Boxster S (wife's ride, becoming mine too) Even duct tape can't fix stupid... but it can muffle the sound!
#7
So, like Lupin said, we don't use SSL, so the Heartbleed issue doesn't affect us. In fact we don't even have an SSL certificate. The only thing secure on Dorki is your password, so like Fritz said, this password should be one very different than you use for *real* things like your bank account, PayPal, etc.
None of the sponsor stuff is integrated into the board for this reason - I didn't want Dorki to have to be responsible for credit card numbers, PayPal info, etc. All sponsor payments are done either via check or 100% through PayPal's website. PayPal has a little more time and money to spend on security than I do.
__________________
Chris M 1985 911 Carrera with a couple cosmetic only mods 2006 E90 330i 1999 E46 328i
#8
^ Love it. Thanks for posting, Bob.
__________________
John V 2024 BMW G87 ///M2 (Next 444) 2021 Toyota Supra GR (The Bupra, Other 444) 2016 BMW M235 2015 Porsche Cayenne Diesel 2007 Cayman S, #444 2013 Golf R 2012 BMW X5 2017 Mazda MX-5 Club 3 time DE Parade Lap Champion #BestInstructorEver - Unknown