Heartbleed Leak?


#1

Just wondering: is this site liable to have been hit by the “Heartbleed” security leak that hit everything lately?

I’m just a little worried, that’s all. I don’t want anyone to (for some reason) post on my behalf. Because, you know, that would make me look bad.

Anyway, an answer would be appreciated.


#2

Read it in my newspaper but I can’t be bothered to change anything, I will deal with the repercussions later. (I don’t know why anyone would hack me anyway)


#3

Yeah, I don’t think that EVERYONE’S been affected by it, but I’d rather be safe than sorry. Especially when it comes to my email.


#4

Yea I don’t really care about the leaks, would be cool to have everything taken and then start over. You know how they say - YOLO


#5

the only sites im concerned with have much more robust layers of protection… im not too overly concerned if my social media presence gets h@x0red… :smile:

still… it is a pain… :angry:


#6

I’ve had a few attempts on my email from like China and Vietnam over the last few months, obviously not directly related to Heartbleed, but people will try regardless, especially as my email contains potentially sensitive information regarding all other accounts and finances etc.

The best thing you can do is just change your password if you’re worried.


#7

Akshually, there is a site where you can check this sort of thing:
http://filippo.io/Heartbleed/

Unfortunately, it doesn’t like Stonehearth’s discourse url and keeps shooting back an error.


#8

As far as I am aware, no Stonehearth website supports HTTPS and therefore is not affected by this exploit.

As a side note, exactly because HTTPS is not used, your password and other user data is transmitted in plain text, which means that a man-in-the-middle attack would yield your login information easily.

On a second side note, only websites (or applications) using OpenSSL are vulnerable (and have been for two years now) - so HTTPS does not necessarily equal vulnerable. I think that the server/client also needs to support heartbleed requests itself, which some things have disabled. /u/alienth had a pretty decent FAQ on that topic and I believe he knows about this stuff.
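Added example, not part of the thread or any poster's code: post #8 mentions that the server also has to support heartbeat requests, and a server states this in its TLS ServerHello via the heartbeat extension (type 15, RFC 6520). The Python below parses one captured ServerHello handshake message and reports that extension; the function names are made up for illustration and the sample messages are constructed.

```python
import struct

HEARTBEAT_EXT = 15  # extension type assigned by RFC 6520
MODES = {1: "peer_allowed_to_send", 2: "peer_not_allowed_to_send"}

def server_hello_extensions(msg: bytes) -> dict:
    """Return {extension_type: data} from one TLS ServerHello handshake message."""
    if len(msg) < 4 or msg[0] != 2:              # handshake type 2 = server_hello
        raise ValueError("not a ServerHello")
    body = msg[4:]
    if len(body) != int.from_bytes(msg[1:4], "big") or len(body) < 38:
        raise ValueError("bad ServerHello length")
    pos = 2 + 32                                 # server_version, random
    pos += 1 + body[pos]                         # session_id (length-prefixed)
    pos += 2 + 1                                 # cipher_suite, compression_method
    if pos == len(body):
        return {}                                # server sent no extensions
    if pos + 2 > len(body):
        raise ValueError("truncated ServerHello")
    end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    if end > len(body):
        raise ValueError("extensions overrun the message")
    pos, exts = pos + 2, {}
    while pos < end:
        if pos + 4 > end:
            raise ValueError("truncated extension header")
        etype, elen = struct.unpack_from("!HH", body, pos)
        if pos + 4 + elen > end:
            raise ValueError("truncated extension data")
        exts[etype] = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return exts

def heartbeat_mode(msg: bytes):
    """None if heartbeat is not advertised, otherwise the advertised mode name."""
    data = server_hello_extensions(msg).get(HEARTBEAT_EXT)
    if data is None:
        return None
    return MODES.get(data[0], "unknown") if len(data) == 1 else "malformed"

def sample_hello(extensions: bytes) -> bytes:   # constructed message for the demo
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    return b"\x02" + len(body).to_bytes(3, "big") + body

RENEG = b"\xff\x01\x00\x01\x00"        # renegotiation_info, constructed
WITH_HB = sample_hello(RENEG + b"\x00\x0f\x00\x01\x01")
WITHOUT_HB = sample_hello(RENEG)
```

An advertised heartbeat extension only shows that the feature is enabled; whether the OpenSSL build behind it is a faulty one is a separate question.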


#9

which are constrained to servers running Apache (52% market share) and nginx…


#10

There’s numbers out there about “17% of 500M servers use SSL”, which would mean that ~9% of 500M servers could potentially be vulnerable.

But only if they have the faulty OpenSSL version - if they aren’t living on the bleeding edge, they should be safe. Overall, I think this might be hyped for more than it is.

Third side note: Let’s not forget about this new xkcd.


#11

wow… im printing that right now :smile:


#12

Don’t forget to include the hover text somewhere. And now I have to listen to the soundtrack again.


#13

Alright. I mean, I was just wondering about it.

You may now consider me informed!


#14

Can someone inform me of this leak…
I don’t think I heard of it.


#15

You can use this site to see what sites are safe. LastPass - LastPass Heartbleed checker


#16

Just a reminder: Using those sites, you are technically exploiting a security vulnerability… which means that, if somebody wanted to put it that way, you’re attacking said site. I would recommend not doing that.


#17

mashable list of (major) sites affected…


#18

I have no idea what this is… :scream:

Edit: Now I know kinda, and woah this is big.