Change your password (Heartbleed zero-day vulnerability) CERT UPDATED!


Recommended Posts

Regarding this news post https://www.neowin.net/news/openssl-affected-by-heartbleed-zero-day-vulnerability

 

We were affected too, someone registered on Neowin to let us know we were vulnerable, so thanks for that (Y)

 

We have since patched our web servers (yesterday) and we're no longer vulnerable to the Heartbleed vulnerability, but since we use SSL to log you in it's a good idea to update your password.

 

I have changed mine :p

 

Edit: This affects everyone, because everyone is logged in securely.

Link to comment
Share on other sites

Subscribers (2) only or everyone should?

Link to comment
Share on other sites

Everyone logs in via SSL so everyone would need to change their passwords

 

Thanks...

Link to comment
Share on other sites

Imma leave mine as it is, simply because I dont even know my password, I use Facebook to login :D

Link to comment
Share on other sites

Changed! Now: password1

 

Not fair, I wanted to use that one! I'll go with that one then

 

Edit: One day, I will figure out how to embed youtube videos on the first try. AUGH!

  • Like 3
Link to comment
Share on other sites

Thanks! Password changed!

Link to comment
Share on other sites

Odd. Now that I've changed it, the news page will not keep me logged in. I'm logged in when I go to the forums but not when I am on the news page. :(

Link to comment
Share on other sites

Odd. Now that I've changed it, the news page will not keep me logged in. I'm logged in when I go to the forums but not when I am on the news page. :(

log out then back in. it's a issue with the cookie

 

also: happy birthday :)

Link to comment
Share on other sites

log out then back in. it's a issue with the cookie

 

also: happy birthday :)

 

That seems to have fixed it, thanks! Thanks for the birthday part as well. :)

Link to comment
Share on other sites

Changed to "qwerty". Thanks! ;)

 

Seriously, what's the point of rushing to change my passwords if the sites I deal with haven't updated their security procedures? The new passwords will be just as vulnerable, won't they?

 

I'm not trying to be snarky. Just wondering. TIA.

Link to comment
Share on other sites

Wouldn't it only effect people if they tried to login while someone was looking? I'm going to chance my password, but just to understand how this worked...

Link to comment
Share on other sites

Password is changed to 123

 

[EDIT]

Ok after I changed my password,  I post this and then I went to www.neowin.net front page, I was not logged in and when I attempt to log in, I get this:

post-956-0-31049600-1397058652.png

Link to comment
Share on other sites

Password is changed to 123

 

[EDIT]

Ok after I changed my password,  I post this and then I went to www.neowin.net front page, I was not logged in and when I attempt to log in, I get this:

attachicon.gifWhy.PNG

i refer you to my previous post

 

log out and then back in. a new password cookie needs to be created for the front page

Link to comment
Share on other sites

Regarding this news post https://www.neowin.net/news/openssl-affected-by-heartbleed-zero-day-vulnerability

 

We were affected too, someone registered on Neowin to let us know we were vulnerable, so thanks for that thumbs_up.gif

 

We have since patched our web servers (yesterday) and we're no longer vulnerable to the Heartbleed vulnerability, but since we use SSL to log you in it's a good idea to update your password.

 

I have changed mine tongue.png

 

Edit: This affects everyone, because everyone is logged in securely.

 

While the Neowin servers may be patched, the certificate is dated July 2013. To properly address this extremely critical vulnerability, patching by itself isn't enough; certificates also need to be revoked and replaced just incase their private keys have been compromised. It is pointless for us to change our passwords until this is addressed...

Link to comment
Share on other sites

While the Neowin servers may be patched, the certificate is dated July 2013. To properly address this extremely critical vulnerability, patching by itself isn't enough; certificates also need to be revoked and replaced just incase their private keys have been compromised. It is pointless for us to change our passwords until this is addressed...

 

Isn't that only if you google or some how get duped into clicking on a fake Neowin link. If you bookmark neowin and use that we should be ok.

 

Also you can use this link https://www.ssllabs.com/ to check sites to see if they are vulnerable to the heartbleed vulnerability.

Link to comment
Share on other sites

Neobond, I've been using the same password on this site since i register on it! Do you really think I'm going to change it?

 

Also you can use this link https://www.ssllabs.com/ to check sites to see if they are vulnerable to the heartbleed vulnerability.

 

good call.

Link to comment
Share on other sites

This topic is now closed to further replies.