Jump to content

39 posts in this topic

Posted

Regarding this news post http://www.neowin.net/news/openssl-affected-by-heartbleed-zero-day-vulnerability

 

We were affected too, someone registered on Neowin to let us know we were vulnerable, so thanks for that (Y)

 

We have since patched our web servers (yesterday) and we're no longer vulnerable to the Heartbleed vulnerability, but since we use SSL to log you in it's a good idea to update your password.

 

I have changed mine :p

 

Edit: This affects everyone, because everyone is logged in securely.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

I'm not fussed if someone logs into my account - they can up my post count while they are at it. Thanks for the heads up though

6 people like this

Share this post


Link to post
Share on other sites

Posted

Subscribers (2) only or everyone should?

Share this post


Link to post
Share on other sites

Posted

Subscribers (2) only or everyone should?

 

Everyone logs in via SSL so everyone would need to change their passwords

2 people like this

Share this post


Link to post
Share on other sites

Posted

Everyone logs in via SSL so everyone would need to change their passwords

 

Thanks...

Share this post


Link to post
Share on other sites

Posted

Yep, everyone.. I will update the OP.

Share this post


Link to post
Share on other sites

Posted

I've just updated my password. You can expect an email from me tomorrow when I've forgotten what I set it to. :p
3 people like this

Share this post


Link to post
Share on other sites

Posted

Imma leave mine as it is, simply because I dont even know my password, I use Facebook to login :D

Share this post


Link to post
Share on other sites

Posted

Changed! Now: password1

9 people like this

Share this post


Link to post
Share on other sites

Posted (edited)

Changed! Now: password1

 
Not fair, I wanted to use that one! I'll go with that one then
 
http://www.youtube.com/watch?v=_JNGI1dI-e8

Edit: One day, I will figure out how to embed youtube videos on the first try. AUGH! Edited by Vykranth
3 people like this

Share this post


Link to post
Share on other sites

Posted

Appreciate the heads-up!

Share this post


Link to post
Share on other sites

Posted

Thanks! Password changed!

Share this post


Link to post
Share on other sites

Posted

Odd. Now that I've changed it, the news page will not keep me logged in. I'm logged in when I go to the forums but not when I am on the news page. :(

Share this post


Link to post
Share on other sites

Posted

Odd. Now that I've changed it, the news page will not keep me logged in. I'm logged in when I go to the forums but not when I am on the news page. :(

log out then back in. it's a issue with the cookie

 

also: happy birthday :)

1 person likes this

Share this post


Link to post
Share on other sites

Posted

log out then back in. it's a issue with the cookie

 

also: happy birthday :)

 

That seems to have fixed it, thanks! Thanks for the birthday part as well. :)

Share this post


Link to post
Share on other sites

Posted

Changed to "qwerty". Thanks! ;)

 

Seriously, what's the point of rushing to change my passwords if the sites I deal with haven't updated their security procedures? The new passwords will be just as vulnerable, won't they?

 

I'm not trying to be snarky. Just wondering. TIA.

Share this post


Link to post
Share on other sites

Posted

Wouldn't it only effect people if they tried to login while someone was looking? I'm going to chance my password, but just to understand how this worked...

Share this post


Link to post
Share on other sites

Posted

Password is changed to 123

 

[EDIT]

Ok after I changed my password,  I post this and then I went to www.neowin.net front page, I was not logged in and when I attempt to log in, I get this:

[attachment=359725:Why.PNG]

Share this post


Link to post
Share on other sites

Posted

Password is changed to 123

 

[EDIT]

Ok after I changed my password,  I post this and then I went to www.neowin.net front page, I was not logged in and when I attempt to log in, I get this:

attachicon.gifWhy.PNG

i refer you to my previous post

 

log out and then back in. a new password cookie needs to be created for the front page

Share this post


Link to post
Share on other sites

Posted

I thought this (Heartbleed) issue was known about for a while now. But they only just issued a fix for it, correct?

Share this post


Link to post
Share on other sites

Posted

Changed it now!

Share this post


Link to post
Share on other sites

Posted

new password: Neo-bring-babes-back

1 person likes this

Share this post


Link to post
Share on other sites

Posted

Regarding this news post http://www.neowin.net/news/openssl-affected-by-heartbleed-zero-day-vulnerability

 

We were affected too, someone registered on Neowin to let us know we were vulnerable, so thanks for that thumbs_up.gif

 

We have since patched our web servers (yesterday) and we're no longer vulnerable to the Heartbleed vulnerability, but since we use SSL to log you in it's a good idea to update your password.

 

I have changed mine tongue.png

 

Edit: This affects everyone, because everyone is logged in securely.

 

While the Neowin servers may be patched, the certificate is dated July 2013. To properly address this extremely critical vulnerability, patching by itself isn't enough; certificates also need to be revoked and replaced just incase their private keys have been compromised. It is pointless for us to change our passwords until this is addressed...

Share this post


Link to post
Share on other sites

Posted

While the Neowin servers may be patched, the certificate is dated July 2013. To properly address this extremely critical vulnerability, patching by itself isn't enough; certificates also need to be revoked and replaced just incase their private keys have been compromised. It is pointless for us to change our passwords until this is addressed...

 

Isn't that only if you google or some how get duped into clicking on a fake Neowin link. If you bookmark neowin and use that we should be ok.

 

Also you can use this link https://www.ssllabs.com/ to check sites to see if they are vulnerable to the heartbleed vulnerability.

Share this post


Link to post
Share on other sites

Posted

Neobond, I've been using the same password on this site since i register on it! Do you really think I'm going to change it?

 

Also you can use this link https://www.ssllabs.com/ to check sites to see if they are vulnerable to the heartbleed vulnerability.

 

good call.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.