Sign in to follow this  

Change your password (Heartbleed zero-day vulnerability) CERT UPDATED!

Recommended Posts

Steven P.    8,560

Regarding this news post http://www.neowin.net/news/openssl-affected-by-heartbleed-zero-day-vulnerability

 

We were affected too, someone registered on Neowin to let us know we were vulnerable, so thanks for that (Y)

 

We have since patched our web servers (yesterday) and we're no longer vulnerable to the Heartbleed vulnerability, but since we use SSL to log you in it's a good idea to update your password.

 

I have changed mine :p

 

Edit: This affects everyone, because everyone is logged in securely.

  • Like 1

Share this post


Link to post
Share on other sites
Shaun N.    568

I'm not fussed if someone logs into my account - they can up my post count while they are at it. Thanks for the heads up though

  • Like 6

Share this post


Link to post
Share on other sites
+Zlip792    459

Subscribers (2) only or everyone should?

Share this post


Link to post
Share on other sites
Shaun N.    568

Subscribers (2) only or everyone should?

 

Everyone logs in via SSL so everyone would need to change their passwords

  • Like 2

Share this post


Link to post
Share on other sites
+Zlip792    459

Everyone logs in via SSL so everyone would need to change their passwords

 

Thanks...

Share this post


Link to post
Share on other sites
Steven P.    8,560

Yep, everyone.. I will update the OP.

Share this post


Link to post
Share on other sites
Nick H.    7,908

I've just updated my password. You can expect an email from me tomorrow when I've forgotten what I set it to. :p

  • Like 3

Share this post


Link to post
Share on other sites
+Anarkii    2,066

Imma leave mine as it is, simply because I dont even know my password, I use Facebook to login :D

Share this post


Link to post
Share on other sites
Crisp    3,271

Changed! Now: password1

  • Like 9

Share this post


Link to post
Share on other sites
Vykranth    527

Changed! Now: password1

 

Not fair, I wanted to use that one! I'll go with that one then

 

Edit: One day, I will figure out how to embed youtube videos on the first try. AUGH!

  • Like 3

Share this post


Link to post
Share on other sites
Grinch    163

Appreciate the heads-up!

Share this post


Link to post
Share on other sites
+xrobwx    711

Thanks! Password changed!

Share this post


Link to post
Share on other sites
Grinch    163

Odd. Now that I've changed it, the news page will not keep me logged in. I'm logged in when I go to the forums but not when I am on the news page. :(

Share this post


Link to post
Share on other sites
Brandon H    1,436

Odd. Now that I've changed it, the news page will not keep me logged in. I'm logged in when I go to the forums but not when I am on the news page. :(

log out then back in. it's a issue with the cookie

 

also: happy birthday :)

  • Like 1

Share this post


Link to post
Share on other sites
Grinch    163

log out then back in. it's a issue with the cookie

 

also: happy birthday :)

 

That seems to have fixed it, thanks! Thanks for the birthday part as well. :)

Share this post


Link to post
Share on other sites
COKid    873

Changed to "qwerty". Thanks! ;)

 

Seriously, what's the point of rushing to change my passwords if the sites I deal with haven't updated their security procedures? The new passwords will be just as vulnerable, won't they?

 

I'm not trying to be snarky. Just wondering. TIA.

Share this post


Link to post
Share on other sites
greenwizard88    413

Wouldn't it only effect people if they tried to login while someone was looking? I'm going to chance my password, but just to understand how this worked...

Share this post


Link to post
Share on other sites
Krome    203

Password is changed to 123

 

[EDIT]

Ok after I changed my password,  I post this and then I went to www.neowin.net front page, I was not logged in and when I attempt to log in, I get this:

post-956-0-31049600-1397058652.png

Share this post


Link to post
Share on other sites
Brandon H    1,436

Password is changed to 123

 

[EDIT]

Ok after I changed my password,  I post this and then I went to www.neowin.net front page, I was not logged in and when I attempt to log in, I get this:

attachicon.gifWhy.PNG

i refer you to my previous post

 

log out and then back in. a new password cookie needs to be created for the front page

Share this post


Link to post
Share on other sites
###    130

I thought this (Heartbleed) issue was known about for a while now. But they only just issued a fix for it, correct?

Share this post


Link to post
Share on other sites
+LimeMaster    14,459

Changed it now!

Share this post


Link to post
Share on other sites
Turk.    268

new password: Neo-bring-babes-back

  • Like 1

Share this post


Link to post
Share on other sites
+theblazingangel    137

Regarding this news post http://www.neowin.net/news/openssl-affected-by-heartbleed-zero-day-vulnerability

 

We were affected too, someone registered on Neowin to let us know we were vulnerable, so thanks for that thumbs_up.gif

 

We have since patched our web servers (yesterday) and we're no longer vulnerable to the Heartbleed vulnerability, but since we use SSL to log you in it's a good idea to update your password.

 

I have changed mine tongue.png

 

Edit: This affects everyone, because everyone is logged in securely.

 

While the Neowin servers may be patched, the certificate is dated July 2013. To properly address this extremely critical vulnerability, patching by itself isn't enough; certificates also need to be revoked and replaced just incase their private keys have been compromised. It is pointless for us to change our passwords until this is addressed...

Share this post


Link to post
Share on other sites
+warwagon    9,571

While the Neowin servers may be patched, the certificate is dated July 2013. To properly address this extremely critical vulnerability, patching by itself isn't enough; certificates also need to be revoked and replaced just incase their private keys have been compromised. It is pointless for us to change our passwords until this is addressed...

 

Isn't that only if you google or some how get duped into clicking on a fake Neowin link. If you bookmark neowin and use that we should be ok.

 

Also you can use this link https://www.ssllabs.com/ to check sites to see if they are vulnerable to the heartbleed vulnerability.

Share this post


Link to post
Share on other sites
Praetor    987

Neobond, I've been using the same password on this site since i register on it! Do you really think I'm going to change it?

 

Also you can use this link https://www.ssllabs.com/ to check sites to see if they are vulnerable to the heartbleed vulnerability.

 

good call.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.