
Heartbleed


And any other site...

 

Still not clear to me. Can they through The Hub's vulnerability gain access to my other passwords as well?

 


Thanks for the explanation. Just to be clear, is the worst that can happen here somebody gets my Hub password and posts on my behalf?

 

Of course most people re-use their username/password combinations, or some variant thereof, so accessing your gmail, or itunes, or banking, or anything else becomes so much easier.

Ah, okay. Got it.


Hi Guys,

 

Our servers were updated and OpenSSL patched very early this morning.

 

While we don't use OpenSSL for any public facing services (general site access, login processing, etc.) it is used on our servers for backend functions.

 

The servers have been patched and relevant administrative passwords changed.

 

While there's a very low risk of users being compromised directly through The Hub, those using 3rd party logins (e.g. you use your Twitter or Facebook to log in to The Hub) or with common username/email address & password combinations could be at risk.

 

So, if you:

  • Log in to The Hub via Facebook or Twitter
  • Use the same username/email address and password combination on The Hub as other affected sites

It would be advised to change your password on The Hub for peace of mind.

 

Aside from just The Hub, you'd want to ensure that as soon as any other affected sites you use confirm they are patched you change passwords there too.

 

Thanks,

Matt


Thanks for the feedback. Saw this on twitter for those interested.

 

post-44041-1397279059,7652.jpg


It's weird how few people out there are even aware of this issue, and even more exasperating that they don't care when they get informed.

I don't think it's a case of "don't care" - more like don't understand. Joe public and even quasi geeks like myself get into a habit of trusting things to just work. We get a false sense of security when we see a little lock symbol, put all our details in and never think about where that data is going.

 

Start mentioning SSL and encryption and keys and heartbeats and packets and you've lost them.

 

One time when Microsoft Servers actually come out tops.

 


I guess you're right.

 

Anyone see the report that claims the NSA knew about this, and has been exploiting it for years?


One time when Microsoft Servers actually come out tops.

 

Problem is that 90% of the internet is running on OpenSSL...


It's been around for at least 2 years

 

Think the vuln has been there for longer, it's just a question of who became aware of it when, and what they did with the knowledge. What's clear is that we have all been leaking sensitive information for years. Quite possibly, someone has been collecting it.

We are the starring role in our own Truman Show. They know ;)


Archived

This topic is now archived and is closed to further replies.
