Passwords and General Update

Post Reply
User avatar
Moto
Site Admin
Posts: 1297
Joined: Sun Aug 23, 2009 7:08 pm
Location: North Dakota
Contact:

I was looking through the list of sites that were susceptible to the recent heartbleed troubles... I don't know all of the details, but it is safe to assume that we were not protected.

However, I do not expect a site like ours to be targeted for any reason. I block traffic from a lot of troubled areas around the world which probably doesn't hurt.

But... if you reused passwords on a bunch of sites you may want to change this one too.

You will certainly want to change passwords on accounts that have personal data.

In other news. I'm getting sent to a new drilling location in western ND. It appears to be on the edge of a reservation in the middle of nowhere so I'm not going to hold my breath on having dependable internet. I will do my best to check the site, but sometimes it is hard.
User avatar
Moto
Site Admin
Posts: 1297
Joined: Sun Aug 23, 2009 7:08 pm
Location: North Dakota
Contact:

If I do have reasonable internet I will likely start looking into significant back end updates. I have a feeling the current theme we use may not be compatible so the site might be a little ugly at some point in the future. We'll see I'll probably have to do some real testing this time since we have enough activity that people can actually tell when I mess things up.

In the good old days I just updated the live server and hoped for the best. Oh... and I'm really out of practice at messing with such things.
SamirD
Posts: 3005
Joined: Thu Dec 05, 2013 4:07 pm
Location: HSV and SFO
Contact:

Yeah, I've seen the hacking attempts at user passwords on a bit of an upswing lately too. I even had my vb.org account locked because someone tried to hack it. Rule of thumb--ALWAYS use a strong password that isn't a word.

And don't worry about making the cite 'pretty' because function is always > form. 8-)
bootymac
Posts: 1611
Joined: Fri Jul 19, 2013 1:04 am

I'm not entirely sure about the technical details, but if our server uses OpenSSL then it needs to be updated asap before we can safely change our passwords

I tried checking our site but the connection seems to timeout

http://filippo.io/Heartbleed/
https://lastpass.com/heartbleed/

Edit: Heartbleed might not be as bad as we thought: http://mobile.theverge.com/2014/4/11/56 ... -after-all
User avatar
LPSISRL
Posts: 988
Joined: Tue Jun 18, 2013 12:49 pm
Location: Chesapeake, Virginia

Not so sure about it not being as bad. Check out www.heartbleed.com for both easy and technical information.
Here's a quote: "We have tested some of our own services from attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication."
2011 Kizashi SLS CVT (silver)
2005 Honda Odyssey
Priors:
2009 Suzuki SX4 Cross AWD 5-speed Tech package (vapor metallic blue)
SamirD
Posts: 3005
Joined: Thu Dec 05, 2013 4:07 pm
Location: HSV and SFO
Contact:

We're not using TLS/SLS protocols for anything on here. The only thing that's on the client side is html to the browser. Seems like the heartbleed bug is to crack into all the VPNs going over http over the Internet. I never thought that was a good idea. :lol:
User avatar
Moto
Site Admin
Posts: 1297
Joined: Sun Aug 23, 2009 7:08 pm
Location: North Dakota
Contact:

You are correct. I started thinking about it after I made that post.

I may enable SSL when I do the next major update, for for now there would not be a problem.
~tc~
Posts: 999
Joined: Tue Mar 29, 2011 3:33 am
Location: Houston, TX USA

For the sites that are vulnerable, it's very bad - but not that many sites are actually vulnerable - only 47 out of the top 1000 websites and 628 out of the top 10,000 were deemed vulnerable from a test published on GitHub.
2011 Sport SLS with nav Black Pearl Metallic
User avatar
Woodie
Posts: 1071
Joined: Sun Apr 28, 2013 10:09 am
Location: Laurel, MD

Thank god you're here, we've been waiting for an answer for seven years.
Alcohol, Tobacco, and Firearms
Should be a convenience store, not a government agency
Post Reply