ALL YOUR PASSWORDS ARE AT RISK

I put this on the Rigs of Rods forums as well, and, just to cover all of my bases, I thought I'd post it here too:

Within the last hour or so, a serious bug in the OpenSSL software, labeled "Heartbleed", became known. The gist of it is this: on any website using OpenSSL, all of your personal data that has been encrypted is completely available to external sources.

I'm probably getting most of everything wrong, so you can read more here:

http://heartbleed.com/

If you want to make sure you stay safe, then change your passwords so that they are not all the same.

 

Thanks Wheelie, but which websites use OpenSSL?

 

(imported from here)

 

at first I read "all your password are belong to us"

 

And this is why you never use you real info for anything online, weather you trust the site or not.

 

Not really sure what to do about this, it seem Pointless changing my password untill it gets universally fixed.

 

Not really sure what anyone would want to do with my password for this site..

 

download the game, and mods? (provided your order is linked with your account)

 

I use the same password for everything (i know not smart). I need to change them all up.

 

- from stackoverflow.

it's not a direct risk to invidivual users, but a motivated attacker could eventually find their way into a website that uses SSL and *then* steal user data.

beamng.com doesn't have any ssl (good one, tdev) so it shouldn't be attackable.

 

how is not having a secure connection a good thing? (at the not having ssl being a good one on tdev, inb4 anyone says something about this bug, the openssl team has already fixed it, and is rolling out the update)

 

two memes to describe what i fought when i saw the title...

 

Alright, yes, the title is a but overdramatic, but it's true: over two thirds of all websites on the internet that need the capabilities use it as a platform. Until all of those are universally updated/patched, all of your personal information on these websites are extremely vulnerable to attack.

 

it's just ironic. tdev used to work in security but this website doesn't have any sort of SSL. just in this one case was SSL a bad thing to have.

the OpenSSL team can roll out the update as soon as they want, but it's up to individual system administrators to actually adopt the update and make sure their systems are up to date. and LOTS of people will be running outdated versions for weeks. people still run outdated and insecure versions of windows XP all over the world, despite microsoft rolling out security fixes.

the bug is already out there and will affect systems for weeks, months, years to come.

@ orangelazer: i wish everyone made it so easy for me to figure out if they should be on my ignore list

 

you mean openssl would have been a bad thing to have, there are obviously other ssl systems

also, how would you know where tdev used to work?

 

sure, but openssl is free and used a lot. a lot. most websites use it.

linkedin

 

Unfortunately heartbleed is a real threat, hence I needed to sign out from soundcloud as a result of it:

- - - Updated - - -

Well at least soundcloud took measures.

 

This, my facebook & my email have the same password. Heh heh

Im to lazy to change anything.

 

Same everything but my Gmail uses the same password as this

 

LAZYNESS 4 LIFE