Personal computing discussed

Moderators: renee, Kevin

 
Cyril
Gerbil First Class
Topic Author
Posts: 173
Joined: Fri Feb 24, 2006 5:18 pm
Location: Vancouver, BC
Contact:

A quick service announcement about that OpenSSL exploit

Tue Apr 08, 2014 9:59 am

So, it turns out that there's a pretty serious vulnerability in OpenSSL, and a large section of the web is affected. Until this morning, so was TR.

We've updated the version of OpenSSL running on TR to address the problem. According to the Heartbleed test, we are no longer vulnerable.

However, if you have an account here, we strongly recommend updating your password. We cannot guarantee that some user passwords haven't been sniffed. If you use the same password on another site, it may be a good idea to change it there, too—so long as that other site doesn't fail the Heartbleed test.

Credit card information for subscribers was not compromised. That information never traveled through our servers, nor was it ever stored there. All credit card information for TR subscriptions was and will continue to be handled solely by our payment processor, Stripe. When we offer to "save" your credit card information, we're simply saving a reference to the card in Stripe's database.
 
bthylafh
Maximum Gerbil
Posts: 4320
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: A quick service announcement about that OpenSSL exploit

Tue Apr 08, 2014 9:22 pm

Thanks for the heads up, Cyril.
Hakkaa päälle!
i7-8700K|Asus Z-370 Pro|32GB DDR4|Asus Radeon RX-580|Samsung 960 EVO 1TB|1988 Model M||Logitech MX 518 & F310|Samsung C24FG70|Dell 2209WA|ATH-M50x
 
StaticFX
Gerbil
Posts: 48
Joined: Tue Apr 08, 2014 1:48 pm

Re: A quick service announcement about that OpenSSL exploit

Wed Apr 09, 2014 1:51 pm

saw this today! wow... im glad I dont have accounts at most of the sites affected... yahoo is a huge one... wait. Do I have an account? lol :o brb

lol I do!! but its not anything I used now - i dont think I have been to yahoo for years (except maybe an accidental click)
 
zloyscuko
Gerbil In Training
Posts: 2
Joined: Fri Apr 11, 2014 5:30 am
Location: Russia, Khabarovsk

Re: A quick service announcement about that OpenSSL exploit

Fri Apr 11, 2014 6:55 am

Thanks, ok.
 
Buub
Maximum Gerbil
Posts: 4969
Joined: Sat Nov 09, 2002 11:59 pm
Location: Seattle, WA
Contact:

Re: A quick service announcement about that OpenSSL exploit

Mon Apr 14, 2014 12:06 pm

Question: were the SSL certificates updated?
 
morphine
TR Staff
Posts: 11600
Joined: Fri Dec 27, 2002 8:51 pm
Location: Portugal (that's next to Spain)

Re: A quick service announcement about that OpenSSL exploit

Mon Apr 14, 2014 12:10 pm

Yes sir. If you check our SSL cert, you'll see that it's valid from the 8th of April onwards, when it was re-keyed and reissued.
There is a fixed amount of intelligence on the planet, and the population keeps growing :(

Who is online

Users browsing this forum: No registered users and 1 guest
GZIP: On