Iwan Kemp Posted April 10, 2014 Share And any other site... Still not clear to me. Can they through The Hub's vulnerability gain access to my other passwords as well? http://img2.wikia.nocookie.net/__cb20110509221950/cartoonnetwork/images/a/a2/Ir001.gif Link to comment Share on other sites More sharing options...
Cellar Posted April 10, 2014 Share Thanks for the explanation. Just to be clear, is the worst that can happen here somebody gets my Hub password an post in my behalf? Of course most people re-use their username/password combinations, or some variant thereof, so accessing your gmail, or itunes, or banking, or anything else becomes so much easier. Link to comment Share on other sites More sharing options...
Iwan Kemp Posted April 10, 2014 Share Of course most people re-use their username/password combinations, or some variant thereof, so accessing your gmail, or itunes, or banking, or anything else becomes so much easier. Ah, okay. Got it. Link to comment Share on other sites More sharing options...
Matt Posted April 10, 2014 Share Hi Guys, Our servers were updated and OpenSSL patched very early this morning. While we don't use OpenSSL for any public facing services (general site access, login processing, etc.) it is used on our servers for backend functions. The servers have been patched and relevant administrative passwords changed. While there's a very low risk of users being compromised directly through The Hub, those using 3rd party logins (e.g. you use your Twitter or Facebook to login to The Hub) or with common username/email address & password combinations could be at risk. So, if you: Login to The Hub via Facebook or TwitterUse the same username/email address and password combination on The Hub as other affected sitesIt would be advised to change your password on The Hub for peace of mind. Aside from just The Hub, you'd want to ensure that as soon as any other affected sites you use confirm they are patched you change passwords there too. Thanks,Matt Link to comment Share on other sites More sharing options...
Slowone Posted April 10, 2014 Share Please explain to the stupid people: (i.e. me) +1 Link to comment Share on other sites More sharing options...
Cellar Posted April 10, 2014 Share Thanks Matt. Link to comment Share on other sites More sharing options...
Uni Posted April 12, 2014 Share Hi Guys, Our servers were updated and OpenSSL patched very early this morning. While we don't use OpenSSL for any public facing services (general site access, login processing, etc.) it is used on our servers for backend functions. The servers have been patched and relevant administrative passwords changed. While there's a very low risk of users being compromised directly through The Hub, those using 3rd party logins (e.g. you use your Twitter or Facebook to login to The Hub) or with common username/email address & password combinations could be at risk. So, if you: Login to The Hub via Facebook or TwitterUse the same username/email address and password combination on The Hub as other affected sitesIt would be advised to change your password on The Hub for peace of mind. Aside from just The Hub, you'd want to ensure that as soon as any other affected sites you use confirm they are patched you change passwords there too. Thanks,Matt Thanks for the feedback. Saw this on twitter for those interested. Link to comment Share on other sites More sharing options...
Cellar Posted April 12, 2014 Share It's weird how few people out there are even aware of this issue, and even more exasperating that they don't care when they get informed. Link to comment Share on other sites More sharing options...
Uni Posted April 12, 2014 Share It's weird how few people out there are even aware of this issue, and even more exasperating that they don't care when they get informed. I don't think it's a case of "don't care"- more like don't understand. Joe public and even quasi geeks like myself get into a habit of trusting things to just work. We get a false sense of security when we see a little lock symbol, put all on details in and never think about where that data is going. Start mentioning SSL and encryption and keys and heartbeats and packets and you've lost them. One time when Microsoft Servers actually come out tops. Link to comment Share on other sites More sharing options...
Cellar Posted April 12, 2014 Share I guess you're right. Anyone see the report that claims the NSA knew about this, and has been exploiting it for years? Link to comment Share on other sites More sharing options...
Cellar Posted April 12, 2014 Share One time when Microsoft Servers actually come out tops. Problem is that 90% of the internet is running on OpenSSL... Link to comment Share on other sites More sharing options...
Uni Posted April 12, 2014 Share It's been around for at least 2 years Link to comment Share on other sites More sharing options...
Cellar Posted April 12, 2014 Share It's been around for at least 2 years Think the vuln has been there for longer, it's just a question of who became aware of it when, and what they did with the knowledge. What's clear is that we have all been leaking sensitive information for years. Quite possibly, someone has been collecting it. Link to comment Share on other sites More sharing options...
Uni Posted April 12, 2014 Share Think the vuln has been there for longer, it's just a question of who became aware of it when, and what they did with the knowledge. What's clear is that we have all been leaking sensitive information for years. Quite possibly, someone has been collecting it. We are the starring role in our own Truman a Show. They know Link to comment Share on other sites More sharing options...
ThePubSA Posted April 12, 2014 Share iNgcognito ... sandbox ? Link to comment Share on other sites More sharing options...
Blokman Posted April 12, 2014 Share I thought that this was a donations thread . Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.