I was looking through the list of sites that were susceptible to the recent heartbleed troubles... I don't know all of the details, but it is safe to assume that we were not protected.
However, I do not expect a site like ours to be targeted for any reason. I block traffic from a lot of troubled areas around the world which probably doesn't hurt.
But... if you reused passwords on a bunch of sites you may want to change this one too.
You will certainly want to change passwords on accounts that have personal data.
In other news. I'm getting sent to a new drilling location in western ND. It appears to be on the edge of a reservation in the middle of nowhere so I'm not going to hold my breath on having dependable internet. I will do my best to check the site, but sometimes it is hard.
Passwords and General Update
If I do have reasonable internet I will likely start looking into significant back end updates. I have a feeling the current theme we use may not be compatible so the site might be a little ugly at some point in the future. We'll see I'll probably have to do some real testing this time since we have enough activity that people can actually tell when I mess things up.
In the good old days I just updated the live server and hoped for the best. Oh... and I'm really out of practice at messing with such things.
In the good old days I just updated the live server and hoped for the best. Oh... and I'm really out of practice at messing with such things.
Yeah, I've seen the hacking attempts at user passwords on a bit of an upswing lately too. I even had my vb.org account locked because someone tried to hack it. Rule of thumb--ALWAYS use a strong password that isn't a word.
And don't worry about making the cite 'pretty' because function is always > form.
And don't worry about making the cite 'pretty' because function is always > form.
I'm not entirely sure about the technical details, but if our server uses OpenSSL then it needs to be updated asap before we can safely change our passwords
I tried checking our site but the connection seems to timeout
http://filippo.io/Heartbleed/
https://lastpass.com/heartbleed/
Edit: Heartbleed might not be as bad as we thought: http://mobile.theverge.com/2014/4/11/56 ... -after-all
I tried checking our site but the connection seems to timeout
http://filippo.io/Heartbleed/
https://lastpass.com/heartbleed/
Edit: Heartbleed might not be as bad as we thought: http://mobile.theverge.com/2014/4/11/56 ... -after-all
Not so sure about it not being as bad. Check out www.heartbleed.com for both easy and technical information.
Here's a quote: "We have tested some of our own services from attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication."
Here's a quote: "We have tested some of our own services from attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication."
2011 Kizashi SLS CVT (silver)
2005 Honda Odyssey
Priors:
2009 Suzuki SX4 Cross AWD 5-speed Tech package (vapor metallic blue)
2005 Honda Odyssey
Priors:
2009 Suzuki SX4 Cross AWD 5-speed Tech package (vapor metallic blue)
We're not using TLS/SLS protocols for anything on here. The only thing that's on the client side is html to the browser. Seems like the heartbleed bug is to crack into all the VPNs going over http over the Internet. I never thought that was a good idea.
You are correct. I started thinking about it after I made that post.
I may enable SSL when I do the next major update, for for now there would not be a problem.
I may enable SSL when I do the next major update, for for now there would not be a problem.
For the sites that are vulnerable, it's very bad - but not that many sites are actually vulnerable - only 47 out of the top 1000 websites and 628 out of the top 10,000 were deemed vulnerable from a test published on GitHub.
2011 Sport SLS with nav Black Pearl Metallic