Heartbleed - OpenSSL

[Dee Dub]

Members may have seen reports about the discovery of a security vulnerability with a commonly-used security technology known as Open SSL. The so-called "Heartbleed" vulnerability has potentially exposed our passwords on a great many secure web sites. We are advised to update our passwords, especially if people have been using the same password on many sites.

Does anyone know if the Big Trailie site has been victim to Heartbleed? And if so, has it been fixed?

 

[Ian Porter]

changing passwords while the Heartbleed bug is still in place is a bad idea,

all you are potentially doing is handing you new password to the baddies,

best practice would be to stay off any sites which require passwords etc. for a few days and then change them after that.

as for Bigtrailie we are OK as the way we host the forum means we are not affected by this

 

[Alba]

How does a user know if a site has been infected in order to stay off?

Sent from my HTC Desire 601 using Tapatalk

 

[Ian Porter]

you can run a test here but many sites are now fixed

http://filippo.io/Heartbleed/

 

[Rubberchicken]

Anything that's not on HTTPS is fine anyway. Forum won't be a problem.

Also had a fun couple of days Ian?

 

[Ian Porter]

Also had a fun couple of days Ian?

you could say that,

a lot of our phone platforms are using OpenSSL

fortunately most sites haven't upgraded in a while and are on old versions that aren't affected

 

[Rubberchicken]

Yeah same here, yay old stuff for a change. Still, a few bits affected, but mostly lots of headless chickens as it hit the news.