Heartbleed  (Read 2863 times)

0 Members and 1 Guest are viewing this topic.

Nebih

Heartbleed
« on: 10 Apr 2014, 02:32:24 »
If you haven't heard already, about 2/3 of the interwebz got hacked when an encryption thingy got hacked or whatever. Basically what this means is you should change your passwords for pretty much everything ._.

https://mojang.com/2014/04/heartbleed/

Chompertons

Re: Heartbleed
« Reply #1 on: 10 Apr 2014, 06:30:43 »
Dont misunderstand a vulnerability being present to everything being "hacked".  Heartbleed was just a vulnerability that effects the majority of the internet and means most of it that uses common encryption protocols was vulnerable, but not necessarily that 100% of those that were vulnerable were hacked or taken advantage of or mined or whatever. 

While it's a good idea to change passwords to things that matter and keep an eye on your bank statements etc, I don't support media-type panic spreading with sentences like "2/3 of the internet was hacked" because thats just silly.

itisnotyou

Re: Heartbleed
« Reply #2 on: 10 Apr 2014, 10:38:41 »
The only thing they can do with it is steal some encrypted Internet traffic. Yes that is a huge problem, but you have to remember that half of the Internet traffic (including noobscraft.com) doesn't use encryption at all. So anyone intercepting your internet traffic could steal your password from these sites.

P.S. I'm not really worried about anyone stealing my noobscraft.com password.

HarryX11

Re: Heartbleed
« Reply #3 on: 10 Apr 2014, 17:48:08 »
What I don't understand is how the virus went undetected for 2 FULL YEARS hitting that many places... Seems as if someone should have found a pattern.

Chompertons

Re: Heartbleed
« Reply #4 on: 10 Apr 2014, 18:31:16 »
It's not a virus it's a security hole in a commonly used encryption protocol.  It's just a hole.  In all reality the hole probably went largely undetected by most hackers and security professionals alike, so the volume of things impacted by this is most likely WAY smaller than people are making it out to be.   The hype gets exacerbated by the fact that 99% of people talking heartbleed are not IT professionals and have no idea what heartbleed is or what it does or what it's real impact is.  This is the digital version of the swine flu.

Olah0001

Re: Heartbleed
« Reply #5 on: 11 Apr 2014, 00:57:05 »
:/
And a question for the admins, should we be worried about our noobscraft account ?

gamergirlxo

Re: Heartbleed
« Reply #6 on: 11 Apr 2014, 01:43:44 »
:/
And a question for the admins, should we be worried about our noobscraft account ?

I'm not an admin but I wouldn't worry too much. The main account you need to be concerned about are any accounts with personal information. As noobscraft doesn't include much personal information I think you're okay.

ItsLawrence

Re: Heartbleed
« Reply #7 on: 11 Apr 2014, 08:31:38 »
:/
And a question for the admins, should we be worried about our noobscraft account ?
This is not something you really need to be worried about in regards to your Noobscraft account, no; but it's never a bad idea to change your passwords if you want to anyway. You can do so by visiting your account settings page.

Quite a nice, extremely simplified video explaining the bug can be seen here: http://www.youtube.com/watch?v=rE5dW3BTpn4#ws

We don't offer SSL for any of the public areas of our site because the content which we show can be posted by all our users and content can be embedded directly from external sources (many of which themselves aren't using SSL too) and as such we would cause browser flags if we were to do so. You can still check if we have any issues regarding the Heartbleed bug though by visiting: http://filippo.io/Heartbleed/#noobscraft.com if you want to.

In regards to donations these too should be fine as we use PayPal for our payment system, you can find a post they made regarding Heartbleed here: https://www.paypal-community.com/t5/PayPal-Forward/OpenSSL-Heartbleed-Bug-PayPal-Account-Holders-are-Secure/ba-p/797568.

If you have any further concerns regarding the security of the site/your account you can PM me or email me at [email protected].

Olah0001

Re: Heartbleed
« Reply #8 on: 11 Apr 2014, 22:04:15 »
Ok thnx Lawrence