Personal computing discussed

Moderator: Kevin

 
Cyril
Gerbil First Class
Topic Author
Posts: 171
Joined: Fri Feb 24, 2006 5:18 pm
Location: Vancouver, BC
Contact:

A quick service announcement about that OpenSSL exploit

Tue Apr 08, 2014 9:59 am

So, it turns out that there's a pretty serious vulnerability in OpenSSL, and a large section of the web is affected. Until this morning, so was TR.

We've updated the version of OpenSSL running on TR to address the problem. According to the Heartbleed test, we are no longer vulnerable.

However, if you have an account here, we strongly recommend updating your password. We cannot guarantee that some user passwords haven't been sniffed. If you use the same password on another site, it may be a good idea to change it there, too—so long as that other site doesn't fail the Heartbleed test.

Credit card information for subscribers was not compromised. That information never traveled through our servers, nor was it ever stored there. All credit card information for TR subscriptions was and will continue to be handled solely by our payment processor, Stripe. When we offer to "save" your credit card information, we're simply saving a reference to the card in Stripe's database.
 
bthylafh
Grand Gerbil Poohbah
Posts: 3717
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: A quick service announcement about that OpenSSL exploit

Tue Apr 08, 2014 9:22 pm

Thanks for the heads up, Cyril.
Hakkaa päälle!
i5-2500K@4.3|Asus P8P67-LE|8GB DDR3-1600|Powercolor R7850 2G|SanDisk Ultra II 480GB|1988 Model M|Saitek X-45|Logitech MX 518 & F310|Dell 2209WA|Sennheiser PC151|Asus Xonar DX
 
StaticFX
Gerbil
Posts: 48
Joined: Tue Apr 08, 2014 1:48 pm

Re: A quick service announcement about that OpenSSL exploit

Wed Apr 09, 2014 1:51 pm

saw this today! wow... im glad I dont have accounts at most of the sites affected... yahoo is a huge one... wait. Do I have an account? lol :o brb

lol I do!! but its not anything I used now - i dont think I have been to yahoo for years (except maybe an accidental click)
 
zloyscuko
Gerbil In Training
Posts: 2
Joined: Fri Apr 11, 2014 5:30 am
Location: Russia, Khabarovsk

Re: A quick service announcement about that OpenSSL exploit

Fri Apr 11, 2014 6:55 am

Thanks, ok.
 
Buub
Maximum Gerbil
Posts: 4380
Joined: Sat Nov 09, 2002 11:59 pm
Location: Seattle, WA
Contact:

Re: A quick service announcement about that OpenSSL exploit

Mon Apr 14, 2014 12:06 pm

Question: were the SSL certificates updated?
 
morphine
Silver subscriber
Gerbilus Supremus
Posts: 11154
Joined: Fri Dec 27, 2002 8:51 pm
Location: Portugal (that's next to Spain)

Re: A quick service announcement about that OpenSSL exploit

Mon Apr 14, 2014 12:10 pm

Yes sir. If you check our SSL cert, you'll see that it's valid from the 8th of April onwards, when it was re-keyed and reissued.
There is a fixed amount of intelligence on the planet, and the population keeps growing :(

Who is online

Users browsing this forum: synthtel2 and 1 guest