
Passwords and General Update

Posted: Thu Apr 10, 2014 10:08 pm
by Moto
I was looking through the list of sites that were susceptible to the recent Heartbleed troubles... I don't know all of the details, but it is safe to assume that we were not protected.

However, I do not expect a site like ours to be targeted for any reason. I block traffic from a lot of troubled areas around the world which probably doesn't hurt.

But... if you reused passwords on a bunch of sites you may want to change this one too.

You will certainly want to change passwords on accounts that have personal data.

In other news, I'm getting sent to a new drilling location in western ND. It appears to be on the edge of a reservation in the middle of nowhere so I'm not going to hold my breath on having dependable internet. I will do my best to check the site, but sometimes it is hard.

Re: Passwords and General Update

Posted: Thu Apr 10, 2014 10:11 pm
by Moto
If I do have reasonable internet I will likely start looking into significant back end updates. I have a feeling the current theme we use may not be compatible so the site might be a little ugly at some point in the future. We'll see. I'll probably have to do some real testing this time since we have enough activity that people can actually tell when I mess things up.

In the good old days I just updated the live server and hoped for the best. Oh... and I'm really out of practice at messing with such things.

Re: Passwords and General Update

Posted: Fri Apr 11, 2014 7:23 am
by SamirD
Yeah, I've seen the hacking attempts at user passwords on a bit of an upswing lately too. I even had my vb.org account locked because someone tried to hack it. Rule of thumb--ALWAYS use a strong password that isn't a word.

And don't worry about making the site 'pretty' because function is always > form. 8-)

Re: Passwords and General Update

Posted: Fri Apr 11, 2014 4:32 pm
by bootymac
I'm not entirely sure about the technical details, but if our server uses OpenSSL then it needs to be updated asap before we can safely change our passwords.

I tried checking our site but the connection seems to time out.

http://filippo.io/Heartbleed/
https://lastpass.com/heartbleed/

Edit: Heartbleed might not be as bad as we thought: http://mobile.theverge.com/2014/4/11/56 ... -after-all

Re: Passwords and General Update

Posted: Fri Apr 11, 2014 5:29 pm
by LPSISRL
Not so sure about it not being as bad. Check out www.heartbleed.com for both easy and technical information.
Here's a quote: "We have tested some of our own services from attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication."

Re: Passwords and General Update

Posted: Sat Apr 12, 2014 3:41 am
by SamirD
We're not using TLS/SSL protocols for anything on here. The only thing that's on the client side is HTML to the browser. Seems like the Heartbleed bug is to crack into all the VPNs going over http over the Internet. I never thought that was a good idea. :lol:

Re: Passwords and General Update

Posted: Sat Apr 12, 2014 4:53 am
by Moto
You are correct. I started thinking about it after I made that post.

I may enable SSL when I do the next major update; for now there would not be a problem.

Re: Passwords and General Update

Posted: Sat Apr 12, 2014 5:25 pm
by ~tc~
For the sites that are vulnerable, it's very bad - but not that many sites are actually vulnerable - only 47 out of the top 1000 websites and 628 out of the top 10,000 were deemed vulnerable from a test published on GitHub.

Re: Passwords and General Update

Posted: Tue Aug 31, 2021 10:32 am
by Woodie
Thank god you're here, we've been waiting for an answer for seven years.