Heartbleed Bug

Discussion in 'Site Announcements' started by Azi al'Thone, Apr 12, 2014.

  1. Azi al'Thone

    Azi al'Thone Gaidin

    Joined:
    Apr 28, 2010
    Messages:
    5,583
    Location:
    Windsor, ON
    As many of you have likely heard to some degree or another, a bug found in OpenSSL on Apr 7 has affected a majority of the internet.

    I'll spare you most of the gory details, but the bug effectively lets attackers obtain private data from servers, including usernames and passwords as they are being passed to the server. As far as I understand, the bug was found without any evidence of an attack, though it's said that attacks would be hard, if not impossible, to detect.

    I've read some articles that suggest the threat isn't as dangerous as initially thought, since only flushed data can be read and the scariest of this data doesn't get flushed frequently.

    So, what does that mean for TarValon.Net? Well, the good news is that we really aren't affected. The version of OpenSSL installed on our servers is pretty old and thus isn't affected by the bug. We also are still working on implementing HTTPS for web traffic (though that's been challenge after challenge), so we don't have any web bindings that use OpenSSL (though other SSL traffic may be just as vulnerable).

    Defen and I are working on upgrading the server software anyways for the future, so expect some planned maintenance coming up soon.

    Regardless of this, you're probably going to be affected to a much bigger degree on the rest of the sites you frequent. We recommend changing your passwords frequently anyways, and now is a good time to do so for all sites you visit, especially anything financial.

    You can read some of the technical things here:

    http://heartbleed.com/

    Thanks,
    Azi al'Thone
    Master of the Watch
     
  2. Elbereth Gailbridhil

    Elbereth Gailbridhil Aes Sedai

    Joined:
    Feb 24, 2003
    Messages:
    224
    Location:
    Montreal, Canada
  3. Elorenya d'Rahien

    Elorenya d'Rahien Aes Sedai

    Joined:
    Feb 6, 2013
    Messages:
    7,289
    Location:
    Seattle
    Thank you for the confirmation that the Tower isn't affected, Azi Gaidin. :acurtsey