Click for Mount Washington, New Hampshire Forecast

Mt. Washington Temp.
Click pic for forecast.

...More Topics...

 

 

Get Firefox!

Backcountry ski and snowboard gear, camping

Donate towards my web hosting bill!

Made with CSS

Validated by W3C

       
View unanswered posts | View active topics It is currently Thu Jun 21, 2018 5:38 am



Reply to topic  [ 4 posts ] 
 OpenSSL "Heartbleed" Bug 
Author Message
Master Mountaineer
User avatar

Joined: Fri Feb 01, 2013 10:04 am
Posts: 914
Location: Worcester, MA
Reply with quote
 OpenSSL "Heartbleed" Bug
Greetings Moderators,
Can you comment if the site was vulnerable to the Heartbleed bug found within OpenSSL that compromises password integrity? In short, do we all need to change our passwords? (TIM - How about VFTT?)

Thanks.

_________________
Nothin' on the top but a bucket and a mop,
and an illustrated book about birds.
You see alot up there, but don't be scared:
Who needs actions when you got words?


Thu Apr 17, 2014 9:02 am
Profile
Sovereign Woodsman
User avatar

Joined: Sun May 20, 2012 5:11 am
Posts: 2447
Location: Concord, NH
Reply with quote
 
I know this is different, but the truckers board I moderate is getting spammed like crazy every day. I've been checking their IP's, and info. They all come from a Chinese firm with a datacenter presence at a company in San Jose, California. The company is, PEG TECH INC.

_________________
Hiking Photos: http://www.Joes-Hiking-Photos.com
YouTube Videos: http://www.Joes-Hiking-Videos.com
Dunbarton Videos: https://www.youtube.com/channel/UCWFO2A ... Ka2z8Jc1Kg


Thu Apr 17, 2014 9:26 am
Profile
Sovereign Woodsman
User avatar

Joined: Wed Sep 07, 2011 8:10 pm
Posts: 2364
Location: Natick, MA
Reply with quote
 
I don't believe this site uses SSL at all, I don't see the usual signs of SSL-securing when I am logging in. Which means it is not vulnerable to that specific exploit. And even an SSL site was only vulnerable if it used OpenSSL for encryption (which, admittedly, an open-source BB like PHPBB would be likely to use - heck even Dropbox uses OpenSSL).


On a side note, I've read that it is possible (if difficult) to obtain a site's security certificate through this bug. If that were to happen, my understanding is that changing your password would be useless until a new certificate was generated for the site. Only after the new certificate was in place would changing your password matter. Perhaps Tim or some other knowledgeable person could confirm/deny?


iagreewithjamie: RE: VFTT, check this thread: http://www.vftt.org/forums/showthread.php?53002-Heartbleed-Impact. Short answer, Views is not affected (no SSL at all).

_________________
NH 4K x6 || NH W4K || NE4K || NEHH || WNE4K 64/67 || 52WAV 19/52

My Trip Reports: http://mattshikes.blogspot.com/


Thu Apr 17, 2014 9:52 am
Profile
Sovereign Woodsman
User avatar

Joined: Sun May 20, 2012 5:11 am
Posts: 2447
Location: Concord, NH
Reply with quote
 
Here's the info on this Heartbleed Bug. "Crazy"! http://heartbleed.com/

_________________
Hiking Photos: http://www.Joes-Hiking-Photos.com
YouTube Videos: http://www.Joes-Hiking-Videos.com
Dunbarton Videos: https://www.youtube.com/channel/UCWFO2A ... Ka2z8Jc1Kg


Thu Apr 17, 2014 3:13 pm
Profile
Display posts from previous:  Sort by  
Reply to topic   [ 4 posts ] 

Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by Hike-NH.com based on STSoftware.