HawthorneVillager.com

Hawthorne Village (Milton) Discussion Board

All times are UTC - 5 hours




Posted: Sat Apr 12, 2014 2:51 pm

Joined: Sat Mar 30, 2013 6:43 am
Posts: 305
Today is "change my passwords" day, due to the Heartbleed bug. For those who aren't familiar, the short version is that due to a bug with very common open-source software it is best to assume that your password for web services has been exposed to hackers.

The slightly longer version is that because it is so widespread, you're not sure if the site you're on has been patched or not. So while the advice is to change your passwords pretty much everywhere, you need to be aware that you could be typing your new password into a site that is still potentially leaking passwords. Yikes.

So this post is twofold:
1. Rick, have you had a chance to review the server and patch whatever is needed? Did a quick search on phpBB and Heartbleed, looks like it's a question of the web server encryption which only you would be able to tell us.
2. Encourage everyone to change their passwords on sites that have been patched. I've been using this list as a reference, took me about 90 minutes today. http://mashable.com/2014/04/09/heartble ... s-affected

You hear a lot about hacks in the news. This one isn't of the "cry wolf" variety, everyone really should take this seriously.

-Pete


Posted: Sat Apr 12, 2014 3:44 pm

Joined: Sat Mar 30, 2013 6:43 am
Posts: 305
Quick followup to this, my expectation is that this site is probably *not* affected by Heartbleed, but again Rick would have to confirm.


Posted: Sat Apr 12, 2014 4:51 pm

Joined: Wed Feb 24, 2010 10:00 am
Posts: 635
Location: Milton
Did a quick check, and according to the tool I used, this website comes up as being "not vulnerable." This means the SSL was detected and suspected not vulnerable. The tool I used comes from McAfee, and is available at: http://tif.mcafee.com/heartbleedtest?utf8=%E2%9C%93&q=hawthornevillager.com&commit=Scan.

_________________
Follow me on Twitter: @miltonlaura
Check out my blog: http://www.miltonviews.wordpress.com
website: www.laurarsteiner.com


Posted: Sun Apr 13, 2014 11:19 am

Joined: Sun Apr 05, 2009 1:30 am
Posts: 320
This site is not affected by heartbleed.

Your traffic isn't, nor was it ever, encrypted. Consider any activity/passwords associated with this site vulnerable.


Posted: Sun Apr 13, 2014 7:21 pm

Joined: Fri Mar 28, 2008 10:15 am
Posts: 885
Location: HVE
This post is funny. How many of you actually thought that the password you've been using on this site is encrypted when sent?? Do you use https? I bet you don't. I don't think that Rick pays for a certificate for this domain, why would he bother, they're not cheap?

Remember that 90% of what you do on the internet is in the clear. If you email someone, you are sending a postcard, not a letter. Anyone whom that postcard passes on the way to its destination can read it. I bet that this statement alone is an eye opener to many.


Posted: Mon Apr 14, 2014 8:01 am

Joined: Mon Jul 07, 2008 11:55 am
Posts: 5629
I'm writing this with tears in my eyes, my family and I down here to Madrid, Spain for a short vacation to visit a resort and got mugged at gun point last night at the park of the hotel where we lodged. All cash, credit cards and mobile phone were stolen from us. thank God we still have our passport ID with us, We've been to the embassy and the Police here but they're not helping issues at all, our flight leaves today and We're having problems settling the hotel bills, we still have some money in our account but we don't have access to it right from here.

The hotel manager won't let us leave until we settle the hotel bills(€2,000 EUR)now am freaked out. Please reply and let me if can you have the money wire to us through Western Union we promise to pay back as soon as we get back home.

Regards

Justagirl :shock:

Anyone want to sending me some cash! Please save me :P :P


Posted: Wed Apr 16, 2014 2:50 pm
Site Admin

Joined: Thu Jul 01, 2004 5:46 am
Posts: 4498
Location: Tothburg, Winter Cres.
We don't use https on here...most forums don't as there is no credit card info being transferred back and forth and yes encryption isn't free.

Saying that, things may change in the future. Google is contemplating some changes which would push more sites (even non-financial data ones) to use encryption.


Posted: Wed Apr 16, 2014 4:10 pm

Joined: Fri Mar 28, 2008 10:15 am
Posts: 885
Location: HVE
For those unaware, the Heartbleed bug allows an attacker to "request" 64KB of data from the memory of the web server. The data in memory has already been decrypted. The attacker can get 64KB of data, then make the request again and get another 64KB. The block of data that it gets is fairly random so it's impossible for an attacker to systematically probe the entire contents of the server's memory. That's the good news. The bad news is that within a single 64KB block, you may be able to mine lots of info about a particular person (a password and anything else exchanged during a recent transaction).

The other problem is that the server would not log anything about the request. This is why people are in a bit of a panic - nobody knows whether a particular server was ever attacked. Maybe it was, maybe it wasn't. You can't say for sure. The vulnerability has been there for 2 years.

The gc.ca site did announce the leak of ~900 SIN numbers. I can't see how they would know this directly. It's possible that all their traffic is going through some 3rd party which was able to do some level of traffic monitoring. If that's true, it could also have captured source IPs which could help identify who attacked the site. Maybe the RCMP is investigating.


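The over-read described in the post above comes from a TLS heartbeat request whose stated payload length is larger than the payload actually sent. The following is an added example, not part of the original thread and not OpenSSL's code: a heartbeat handler using the RFC 6520 message layout with the length check in place. The function names, buffers and sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST   1   /* heartbeat message types from RFC 6520 */
#define HB_RESPONSE  2
#define HB_HEADER    3   /* 1-byte type + 2-byte payload length */
#define HB_PADDING   16  /* minimum padding required by RFC 6520 */

/* How many bytes past the received record a handler would copy if it
 * trusted the claimed length. 0 means the request is honest. */
size_t hb_overread_if_unchecked(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HB_HEADER)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    size_t present = rec_len - HB_HEADER;  /* bytes really sent after header */
    return claimed > present ? claimed - present : 0;
}

/* Hardened handler: builds the echo response, or returns 0 to silently
 * discard a record whose claimed length does not fit inside it. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + claimed + HB_PADDING > rec_len)  /* the bounds check */
        return 0;
    size_t resp_len = HB_HEADER + claimed + HB_PADDING;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    memset(out + HB_HEADER + claimed, 0, HB_PADDING); /* real padding is random */
    return resp_len;
}

/* Constructed sample records (23 bytes each, zero padding): "ping" sent
 * honestly, and the same bytes with the length field claiming 0xFFFF. */
const uint8_t HB_HONEST[23] = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
const uint8_t HB_LYING[23]  = {HB_REQUEST, 0xFF, 0xFF, 'p', 'i', 'n', 'g'};
uint8_t hb_out[64];  /* scratch buffer for responses */
```

For the constructed 23-byte record claiming 0xFFFF, an unchecked copy would run 65,515 bytes past the record, which is the roughly 64KB per request the post mentions; the checked handler discards it and sends nothing.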
Posted: Wed Apr 16, 2014 7:03 pm

Joined: Sat Jan 18, 2014 10:32 am
Posts: 873
justagirl wrote:
I'm writing this with tears in my eyes, my family and I down here to Madrid, Spain for a short vacation to visit a resort and got mugged at gun point last night at the park of the hotel where we lodged. All cash, credit cards and mobile phone were stolen from us. thank God we still have our passport ID with us, We've been to the embassy and the Police here but they're not helping issues at all, our flight leaves today and We're having problems settling the hotel bills, we still have some money in our account but we don't have access to it right from here.

The hotel manager won't let us leave until we settle the hotel bills(€2,000 EUR)now am freaked out. Please reply and let me if can you have the money wire to us through Western Union we promise to pay back as soon as we get back home.

Regards

Justagirl :shock:

Anyone want to sending me some cash! Please save me :P :P

I assume this was not a real request? :?


Posted: Wed Apr 16, 2014 7:07 pm

Joined: Fri Mar 28, 2008 10:15 am
Posts: 885
Location: HVE
Gecko wrote:
The gc.ca site did announce the leak of ~900 SIN numbers. I can't see how they would know this directly. It's possible that all their traffic is going through some 3rd party which was able to do some level of traffic monitoring. If that's true, it could also have captured source IPs which could help identify who attacked the site. Maybe the RCMP is investigating.

Wow, just a lucky guess on my part but it was bang-on:
http://ca.reuters.com/article/idCABREA3 ... F1KS-OCADN


Posted: Wed Apr 16, 2014 9:26 pm

Joined: Mon Jul 07, 2008 11:55 am
Posts: 5629
Foreveryoung wrote:
justagirl wrote:
I'm writing this with tears in my eyes, my family and I down here to Madrid, Spain for a short vacation to visit a resort and got mugged at gun point last night at the park of the hotel where we lodged. All cash, credit cards and mobile phone were stolen from us. thank God we still have our passport ID with us, We've been to the embassy and the Police here but they're not helping issues at all, our flight leaves today and We're having problems settling the hotel bills, we still have some money in our account but we don't have access to it right from here.

The hotel manager won't let us leave until we settle the hotel bills(€2,000 EUR)now am freaked out. Please reply and let me if can you have the money wire to us through Western Union we promise to pay back as soon as we get back home.

Regards

Justagirl :shock:

Anyone want to sending me some cash! Please save me :P :P

I assume this was not a real request? :?


This is not a real request ~ It's a scam alert ~
Didn't mean to alarm you
Just trying to say, if you fall for an email from a friend like this
You will lose your money
and if you respond the hacker will likely take your money then gain access to your email account and repeat the process
If you do see this in your emails or if this happens to you, you are to notify the police.

This is an email scam/virus that a friend has opened via an email (they will insert your friend's name like the email came from him/her)
The hacker then takes your friend's email addresses, and sends a similar email (to the one above) out to everyone your friend has ever emailed
He also takes over the access of your friend's email account, inhibiting their access
By the time your friend gets access to his account, the hacker has erased all his contacts
And hopefully his/her friends and colleagues are smart enough not to send any money

