Azi al'Thone
Gaidin
As many of you have likely heard to some degree or another, a bug found in OpenSSL on Apr 7 has affected a majority of the internet.
I'll spare you most of the gory details, but the bug effectively lets attackers obtain private data from servers, including usernames and passwords as they are being passed to the server. As far as I understand, the bug was found without any evidence of an attack, though it's said that attacks would be hard, if not impossible, to detect.
I've read some articles that suggest the threat isn't as dangerous as initially thought, since only flushed data can be read and the scariest of this data doesn't get flushed frequently.
So, what does that mean for TarValon.Net? Well, the good news is that we really aren't affected. The version of OpenSSL installed on our servers is pretty old and thus isn't affected by the bug. We also are still working on implementing HTTPS for web traffic (though that's been challenge after challenge), so we don't have any web bindings that use OpenSSL (though other SSL traffic may be just as vulnerable).
Defen and I are working on upgrading the server software anyways for the future, so expect some planned maintenance coming up soon.
Regardless of this, you're probably going to be affected to a much bigger degree on the rest of the sites you frequent. We recommend changing your passwords frequently anyways, and now is a good time to do so for all sites you visit, especially anything financial.
You can read some of the technical things here:
http://heartbleed.com/
Thanks,
Azi al'Thone
Master of the Watch
I'll spare you most of the gory details, but the bug effectively lets attackers obtain private data from servers, including usernames and passwords as they are being passed to the server. As far as I understand, the bug was found without any evidence of an attack, though it's said that attacks would be hard, if not impossible, to detect.
I've read some articles that suggest the threat isn't as dangerous as initially thought, since only flushed data can be read and the scariest of this data doesn't get flushed frequently.
So, what does that mean for TarValon.Net? Well, the good news is that we really aren't affected. The version of OpenSSL installed on our servers is pretty old and thus isn't affected by the bug. We also are still working on implementing HTTPS for web traffic (though that's been challenge after challenge), so we don't have any web bindings that use OpenSSL (though other SSL traffic may be just as vulnerable).
Defen and I are working on upgrading the server software anyways for the future, so expect some planned maintenance coming up soon.
Regardless of this, you're probably going to be affected to a much bigger degree on the rest of the sites you frequent. We recommend changing your passwords frequently anyways, and now is a good time to do so for all sites you visit, especially anything financial.
You can read some of the technical things here:
http://heartbleed.com/
Thanks,
Azi al'Thone
Master of the Watch
