Old 04-11-2014, 11:19 PM   #1
Vasu
Heartbleed

Do any of us know whether FF uses OpenSSL for its security? And whether it's likely to be fixed? In other news, you guys should all probably change your Facebook password, and probably also your Google password. Also Tumblr, Pinterest, Instagram, Yahoo Mail.

Here's a nice tracking page:

http://mashable.com/2014/04/09/heart...ites-affected/

For those of you wondering what all of this is about, xkcd has the simplest explanation I've seen:

Old 04-12-2014, 02:30 AM   #2
Ralath
That comic was still confusing.

Old 04-12-2014, 02:39 AM   #3
Vasu
Well, the bug in SSL essentially allowed anyone to access whatever was in the server's RAM or main memory at the time. Now, any processing that a computer does involves moving data from your normal file system to the RAM.

Now imagine there's a file 'supersecret.txt' on my Dropbox that I just accessed. The file's contents are copied to main memory on the way to me. The contents of the file itself remain restricted to me, but whatever is within the main memory isn't really associated with my file any more once I'm done. It's just unstructured data sitting there, and can be overwritten at any time.

However, someone exploiting this bug can get it to spit out whatever is in the main memory and it will, because the server doesn't see the bunch of 1s and 0s as belonging to your file any more. And so any sensitive data may have been obtained. It's a crapshoot, but there's a chance of it happening.

Not all major websites used OpenSSL, but it is pretty widely used, so a lot of servers have been putting up patches for the flaw. Obviously changing your password is useless if the company itself hasn't patched their server.

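What post #3 describes comes down to a missing length check: the server echoed back as many bytes as a heartbeat request claimed to contain, not as many as it actually received. The C simulation below is an added example, not part of the original thread and not OpenSSL's code; the message layout is simplified, and `mem`, `setup`, `echo_unchecked`, `echo_checked`, `response_leaks` and the sample data are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for server memory: a request, then unrelated leftover bytes. */
static uint8_t mem[64];
static const char leftover[] = "user=alice;pw=EXAMPLE-ONLY";   /* constructed */

/* Simplified request layout: [type:1][claimed_len:2, big-endian][payload].
   Stores a request with 4 real payload bytes; returns the bytes "received". */
size_t setup(uint16_t claimed_len) {
    memset(mem, 0, sizeof mem);
    mem[0] = 1;
    mem[1] = (uint8_t)(claimed_len >> 8);
    mem[2] = (uint8_t)(claimed_len & 0xff);
    memcpy(mem + 3, "bird", 4);
    memcpy(mem + 7, leftover, sizeof leftover - 1);
    return 3 + 4;
}

/* Unpatched: echoes as many bytes as the request claims to carry. */
size_t echo_unchecked(const uint8_t *req, size_t received, uint8_t *out) {
    (void)received;                       /* never consulted: this is the bug */
    size_t claimed = ((size_t)req[1] << 8) | req[2];
    memcpy(out, req + 3, claimed);
    return claimed;
}

/* Patched: silently drop a request whose claimed length exceeds what arrived. */
size_t echo_checked(const uint8_t *req, size_t received, uint8_t *out) {
    if (received < 3) return 0;
    size_t claimed = ((size_t)req[1] << 8) | req[2];
    if (claimed > received - 3) return 0;
    memcpy(out, req + 3, claimed);
    return claimed;
}

/* Returns 1 if the echoed response carries leftover bytes (claimed_len <= 61 here). */
int response_leaks(uint16_t claimed_len, int patched) {
    uint8_t out[64] = {0};
    size_t got = setup(claimed_len);
    size_t n = patched ? echo_checked(mem, got, out) : echo_unchecked(mem, got, out);
    return n >= 9 && memcmp(out + 4, "user=", 5) == 0;
}

int main(void) {
    printf("claimed 30, unpatched: leak=%d\n", response_leaks(30, 0));
    printf("claimed 30, patched:   leak=%d\n", response_leaks(30, 1));
}
```

The leak depends only on what happens to sit next to the request in memory, which is why the outcome of any single request is unpredictable.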
Old 04-12-2014, 11:44 AM   #4
Ivramire
Just spent about an hour waterproofing my passwords and making them all unique. Heartbleed's serious stuff.
Old 04-12-2014, 04:39 PM   #5
Vasu
Originally Posted by Ivramire: "Just spent about an hour waterproofing my passwords and making them all unique. Heartbleed's serious stuff."

I use a common root word for my passwords which are modified based on the name of the website I visit. If a human looks at them in plaintext, it's pretty obvious, but it should stand up to machine analysis haha.

EDIT: I found a better checking tool:
https://lastpass.com/heartbleed/

Old 04-12-2014, 07:42 PM   #6
Entropy
Administrator
Originally Posted by Vasu: "Do any of us know whether FF uses OpenSSL for its security?"

FF doesn't use OpenSSL.

Also, passwords are hashed before they are sent to the server and are salted and hashed again before being stored. Your passwords are safe even if someone does get in. Even I can't figure out what they are.
Old 04-12-2014, 10:36 PM   #7
Vasu
Hm, good to know, but that's probably standard procedure anyway. The danger is with the server's private keys being leaked via this bug. But it's a moot point anyway since we don't use OpenSSL.

Old 04-13-2014, 11:07 AM   #8
Hessah
Oh man I have to relearn all my passwords...

Old 04-13-2014, 12:47 PM   #9
Ivramire
All my passwords are now random strings of letters and numbers, like addgag9a8duge7wg. I'm using a password-manager (Lastpass) with a strong master password to manage it all for me.
Old 04-13-2014, 04:00 PM   #10
Lirange
I'll take my chances hehe
All times are GMT.