Darqcyde

Joined: 10 Jul 2006 Posts: 11917 Location: A false vacuum abiding in ignorance.
|
|
Heretical Rants

Joined: 20 Jul 2009 Posts: 5344 Location: No.
|
Posted: Wed Apr 09, 2014 8:33 am Post subject: |
|
|
basically, you should clear all of your sessions naow, and if you're a webmaster you should patch yer shit _________________ butts |
|
WheelsOfConfusion

Joined: 09 Jul 2006 Posts: 14322 Location: Unknown Kaddath
|
Posted: Wed Apr 09, 2014 8:33 am Post subject: |
|
|
Basically, all the affected websites need to patch their OpenSSL install. (Any end-user OS with OpenSSL packaged needs an update too, but end users aren't a likely target for the attack; the servers are. Ubuntu updated yesterday to fix this issue).
Then they'll need to change their certs.
After that, once they have the new cert in place, you'll need to change your password for the site. |
|
Heretical Rants

Joined: 20 Jul 2009 Posts: 5344 Location: No.
|
Posted: Wed Apr 09, 2014 8:42 am Post subject: |
|
|
my password is 'banana' _________________ butts |
|
Darqcyde

Joined: 10 Jul 2006 Posts: 11917 Location: A false vacuum abiding in ignorance.
|
|
Heretical Rants

Joined: 20 Jul 2009 Posts: 5344 Location: No.
|
Posted: Wed Apr 09, 2014 10:27 am Post subject: |
|
|
I don't quite understand the reference, even if you link to it, since I can't make it more than a few seconds into that video and have difficulty processing that song in any form other than "Drop it like your mother got shot" which, now that I search for it, has apparently fallen victim to the phenomenon known as `the-artist-has-taken-down-everything-they've-ever-made-like-seriously-their-bandcamp-tumblr-youtube-deviantart-etc-are-all-gone` _________________ butts |
|
Darqcyde

Joined: 10 Jul 2006 Posts: 11917 Location: A false vacuum abiding in ignorance.
|
Posted: Wed Apr 09, 2014 10:42 am Post subject: |
|
|
Heretical Rants wrote: | I don't quite understand the reference, even if you link to it, since I can't make it more than a few seconds into that video and have difficulty processing that song in any form other than "Drop it like your mother got shot" which, now that I search for it, has apparently fallen victim to the phenomenon known as `the-artist-has-taken-down-everything-they've-ever-made-like-seriously-their-bandcamp-tumblr-youtube-deviantart-etc-are-all-gone` |
How about this link: http://youtu.be/gZHjRQjbHrE?t=2m30s
If you don't get it, or why I referenced it, consider yourself lucky. _________________ ...if a single leaf holds the eye, it will be as if the remaining leaves were not there.
https://www.facebook.com/O.A.Drake/
https://twitter.com/oadrake |
|
WheelsOfConfusion

Joined: 09 Jul 2006 Posts: 14322 Location: Unknown Kaddath
|
Posted: Fri Apr 11, 2014 8:48 am Post subject: |
|
|
It's looking like the "2/3rds of the Internet" thing is somewhat overblown, more like 10-11%. That's still huge, and hopefully every affected site will patch their shit, get new certs, and then tell users to reset their passwords.
Anyway, xkcd explains how the flaw actually works:
 |
|
Moor

Joined: 07 May 2013 Posts: 318
|
Posted: Fri Apr 11, 2014 5:29 pm Post subject: |
|
|
WheelsOfConfusion wrote: | It's looking like the "2/3rds of the Internet" thing is somewhat overblown, more like 10-11%. |
Okay, but if we were doing things right, it should have affected 100% of the internet (or, well, probably more like 70%, because there are other SSL implementations, and OpenSSL is just the most popular? But I'm not sure about 70% because I don't know the usage rates). Seriously. SSL key certification should come with domain name registration. |
|
WheelsOfConfusion

Joined: 09 Jul 2006 Posts: 14322 Location: Unknown Kaddath
|
Posted: Fri Apr 11, 2014 6:13 pm Post subject: |
|
|
If we were really doing things right, a bug like this would have been caught before release. |
|
Moor

Joined: 07 May 2013 Posts: 318
|
Posted: Fri Apr 11, 2014 6:33 pm Post subject: |
|
|
WheelsOfConfusion wrote: | If we were really doing things right, a bug like this would have been caught before release. |
Yeah, but it's not as obvious* of a thing that everything should be SSL.
(* Obvious is kinda the wrong word. Basically, everyone knows that "there was a problem, and it should have been caught". But not everyone knows that the story is 10% of the internet had a vaccine that didn't work, but 85% didn't even have the vaccine. ) |
|
Sam

Joined: 09 Jul 2006 Posts: 11230
|
Posted: Fri Apr 11, 2014 9:54 pm Post subject: |
|
|
i changed all my passwords to hunter3
who's owned now, heartbleed |
|