
[Closed] Singletrack vulnerable to heartbleed

Posts: 30656
Free Member
 

That's what happens when you give something serious such an Emo name.


 
Posted : 10/04/2014 9:46 pm
Posts: 251
Full Member
 

The coder has 'fessed up;

http://big.assets.huffingtonpost.com/672443316256430888.gif

It's not the fault of the open source process per se, it's just that there's too few people doing code reviews because no one will pay them to. Probably.


 
Posted : 11/04/2014 7:39 am
Posts: 33577
Full Member
 

Just to add to this, I've just read this from Twitter, via Flipboard:
More People Were Paid To Exploit Heartbleed For The NSA Than To Fix It
http://falkvinge.net/2014/04/11/more-people-were-paid-to-exploit-heartbleed-for-the-nsa-than-to-fix-it/
Does come as no surprise, really.


 
Posted : 12/04/2014 7:24 pm
Posts: 11402
Free Member
 

nice explanation


what complete cock up


 
Posted : 13/04/2014 6:41 pm
Posts: 30656
Free Member
 

Out of all the websites I am registered with, only iFTTT has emailed me about the issue. Imgur, which was shown to be susceptible, sent bollocks all.

*harumphs*


 
Posted : 13/04/2014 6:53 pm
Posts: 0
Free Member
 

The first photo on the link rj2dj posted has some impressive cabling! God I'm sad...


 
Posted : 13/04/2014 7:49 pm
Posts: 30656
Free Member
 

The first photo on the link rj2dj posted has some impressive cabling! God I'm sad...

Fill your boots...

http://reddpics.com/r/cableporn


 
Posted : 13/04/2014 11:08 pm
Posts: 894
Free Member
Topic starter
 

I am getting so frustrated with the vague and non-committal responses to queries on this subject.
To date I've only had 3-4 notifications that a site has been patched and is now safe or that they were not affected. Other than that I've been forced to email the company concerned (I have a password database of over 100 unique logins) to ask for clarification as to whether their systems are safe to start using again.
In most cases I get responses that are vague to the point of being useless in clarifying the situation.
For example, reply from Sony regarding their Entertainment Network (formerly PlayStation Store)...

I can confirm that we have no information regards it affected our website, and we would like to re-assure you that your account is secured

Given that I asked them specifically the status of their SSL certificate, that response tells me nothing!! Grrrrr...
Still haven't been able to confirm that any of the online bike stores are safe yet either... there seems to be a great deal of 'heads in the sand' about this and it's not bloomin' good enough.. [/rant]

and breathe.... 🙂


 
Posted : 15/04/2014 3:45 pm