Heartbleed thoughts?

Topic Starter
Jing Yuan
Just realised this, but as the Heartbleed bug only affects openSSL versions 10.1e-f (probably wrong), the people who were too lazy to update their openSSL are completely safe.

Also, my dad, an IT guy, explained this, but you should not change your passwords. (At least until the bug is patched) Because the Heartbleed is more likely to get more recent information, and you changing your password to protect against this bug is recent, you are actually more vulnerable if you change your passwords. So just wait until the sites have patched the bug, then change password.

(For those who don't know what Heartbleed is, xkcd explains it pretty well. But it is quite interesting to get it in detail.)


wow this is a long post
piruchan
I haven't really thought much about it.

I don't have many important accounts on the internet though (only e-mail and bank), and I'm pretty sure that bad people won't bother doing something with my osu! account.
Shivarion
PinkHusky

Shivarion wrote:

?
Heartbleed is a bug that allows a person to send a request to a server and to get a response back in return with more information than a person would normally be able to get.

Hacker sends request>Server sends "blah" + "400000 characters of stuff you shouldn't receive"> In that 64Kbs of data that you shouldn't be getting a hacker can find the encryption algorithm and private keys that the company uses to encrypt passwords and web traffic. The data can also include usernames of people who have recently logged in etc. The bug also leaves very few traces behind so an attacker can try as many times as they like.

Cloudflare did a test on it and it took someone 2.5 million requests and another person 100,000 requests to get the data. Only 4 people in total found it over the course of a day. (2.5 million requests that were sent were 30% of the total requests sent over the course of that day)

I'm not worried about it at all since anything important like banks and etc. don't use openSSL and since there are SOOOO many people who have junk usernames and etc the likelihood of someone hacking you is...low. No one knew about the bug and if they did they wouldn't really want to waste time with middle class people, I guess?
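Added example, not part of the thread: a C sketch of the length check whose absence let a heartbeat reply include memory beyond the request, using the RFC 6520 message layout (1-byte type, 2-byte payload_length, payload, at least 16 bytes of padding). The function names and the two sample records are constructed for illustration and are not OpenSSL's code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HEADER   3   /* type (1 byte) + payload_length (2 bytes) */
#define HB_PADDING  16  /* minimum padding required by RFC 6520 */

/* Constructed samples: an honest request carrying "blah", and one that
 * claims a 65535-byte payload while sending only header + padding. */
static const uint8_t HONEST[23]    = {HB_REQUEST, 0x00, 0x04, 'b', 'l', 'a', 'h'};
static const uint8_t OVERCLAIM[19] = {HB_REQUEST, 0xFF, 0xFF};
static uint8_t OUT[64];

/* Bytes a responder that trusts payload_length would copy from beyond the
 * record (0 = claim fits). Computes the size only; no out-of-bounds read. */
size_t hb_overread(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HB_HEADER) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    size_t present = rec_len - HB_HEADER;
    return claimed > present ? claimed - present : 0;
}

/* Hardened handler: writes the response to out and returns its length,
 * or -1 when the message must be silently discarded. */
long hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != HB_REQUEST) return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + claimed + HB_PADDING > rec_len) return -1; /* the missing check */
    size_t resp_len = HB_HEADER + claimed + HB_PADDING;
    if (resp_len > cap) return -1;
    out[0] = HB_RESPONSE;
    out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);  /* echo payload only */
    memset(out + HB_HEADER + claimed, 0, HB_PADDING);   /* zeros for brevity; RFC asks for random */
    return (long)resp_len;
}

int main(void)
{
    printf("honest:    overread=%zu response=%ld\n",
           hb_overread(HONEST, sizeof HONEST), hb_respond(HONEST, sizeof HONEST, OUT, sizeof OUT));
    printf("overclaim: overread=%zu response=%ld\n",
           hb_overread(OVERCLAIM, sizeof OVERCLAIM), hb_respond(OVERCLAIM, sizeof OVERCLAIM, OUT, sizeof OUT));
    return 0;
}
```

The 2-byte length field caps a claim at 65535 bytes, which is where the roughly 64 KB per request figure comes from.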
Shivarion

PinkHusky wrote:

Shivarion wrote:

?
I'm actually referring to the link... it looks similar or probably a dupe...?


PinkHusky wrote:

Heartbleed is a bug that allows a person to send a request to a server and to get a response back in return with more information than a person would normally be able to get.
Hacker sends request>Server sends "blah" + "400000 characters of stuff you shouldn't receive"> In that 64Kbs of data that you shouldn't be getting a hacker can find the encryption algorithm and private keys that the company uses to encrypt passwords and web traffic. The data can also include usernames of people who have recently logged in etc. The bug also leaves very few traces behind so an attacker can try as many times as they like.

Cloudflare did a test on it and it took someone 2.5 million requests and another person 100,000 requests to get the data. Only 4 people in total found it over the course of a day. (2.5 million requests that were sent were 30% of the total requests sent over the course of that day)

I'm not worried about it at all since anything important like banks and etc. don't use openSSL and since there are SOOOO many people who have junk usernames and etc the likelihood of someone hacking you is...low. No one knew about the bug and if they did they wouldn't really want to waste time with middle class people, I guess?
Thank you for the explanation and btw what is "openSSL"...?
IppE

Shivarion wrote:

Thank you for the explanation and btw what is "openSSL"...?
Open source implementation of SSL basically.
Lewder
personally when i first heard about it i didn't give a shit, minor users like ourselves are very unlikely to be affected by heartbleed in a major way, developer accounts are open to being - and have been - affected by the heartbleed bug
if anyone has any more questions about heartbleed, don't ask others to quote or explain information from this website, just read it yourselves
tn5421
So basically everything was affected blah blah don't change passwords until it is fixed.