A quick service announcement about that OpenSSL exploit

Notices, forum rules, FAQs, and other things of a critical nature.

Moderator: Kevin

A quick service announcement about that OpenSSL exploit

Postposted on Tue Apr 08, 2014 9:59 am

So, it turns out that there's a pretty serious vulnerability in OpenSSL, and a large section of the web is affected. Until this morning, so was TR.

We've updated the version of OpenSSL running on TR to address the problem. According to the Heartbleed test, we are no longer vulnerable.

However, if you have an account here, we strongly recommend updating your password. We cannot guarantee that some user passwords haven't been sniffed. If you use the same password on another site, it may be a good idea to change it there, too—so long as that other site doesn't fail the Heartbleed test.

Credit card information for subscribers was not compromised. That information never traveled through our servers, nor was it ever stored there. All credit card information for TR subscriptions was and will continue to be handled solely by our payment processor, Stripe. When we offer to "save" your credit card information, we're simply saving a reference to the card in Stripe's database.
Cyril
TR Staff
Gold subscriber
 
 
Posts: 166
Joined: Fri Feb 24, 2006 5:18 pm
Location: Vancouver, BC

Re: A quick service announcement about that OpenSSL exploit

Postposted on Tue Apr 08, 2014 9:22 pm

Thanks for the heads up, Cyril.
Think for yourself, schmuck!
i5-2500K@4.3|Asus P8P67-LE|8GB DDR3-1600|Powercolor R7850 2G|1.5TB 7200.11|1988 Model M|Saitek X-45 & P880|Logitech MX 518|Dell 2209WA|Sennheiser PC151|Asus Xonar DX
bthylafh
Grand Gerbil Poohbah
 
Posts: 3171
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: A quick service announcement about that OpenSSL exploit

Postposted on Wed Apr 09, 2014 1:51 pm

saw this today! wow... im glad I dont have accounts at most of the sites affected... yahoo is a huge one... wait. Do I have an account? lol :o brb

lol I do!! but its not anything I used now - i dont think I have been to yahoo for years (except maybe an accidental click)
StaticFX
Gerbil
 
Posts: 48
Joined: Tue Apr 08, 2014 1:48 pm

Re: A quick service announcement about that OpenSSL exploit

Postposted on Fri Apr 11, 2014 6:55 am

Thanks, ok.
zloyscuko
Gerbil In Training
 
Posts: 2
Joined: Fri Apr 11, 2014 5:30 am
Location: Russia, Khabarovsk

Re: A quick service announcement about that OpenSSL exploit

Postposted on Mon Apr 14, 2014 12:06 pm

Question: were the SSL certificates updated?
Buub
Maximum Gerbil
Silver subscriber
 
 
Posts: 4200
Joined: Sat Nov 09, 2002 11:59 pm
Location: Seattle, WA

Re: A quick service announcement about that OpenSSL exploit

Postposted on Mon Apr 14, 2014 12:10 pm

Yes sir. If you check our SSL cert, you'll see that it's valid from the 8th of April onwards, when it was re-keyed and reissued.
There is a fixed amount of intelligence on the planet, and the population keeps growing :(
morphine
Gerbil Khan
Silver subscriber
 
 
Posts: 9999
Joined: Fri Dec 27, 2002 8:51 pm
Location: Portugal (that's next to Spain)


Return to Announcements

Who is online

Users browsing this forum: No registered users and 0 guests