Page 1 of 1
Heartbleed
Posted: Thu 10 Apr, 2014 4:26 am
by Protagonist
I am not really good with code and comptuer security. So I have to ask, is this site effected by the whole heartbleed vulnerability? What about Gamesreplays? Steam? Does anyone know?
For context, this is heartbleed:
http://www.washingtonpost.com/news/morn ... -internet/
Re: Heartbleed
Posted: Thu 10 Apr, 2014 5:07 am
by Lulgrim
I understand fuck all about all that tbh. But as for Steam,
http://www.incgamers.com/2014/04/heartb ... -say-valve
Re: Heartbleed
Posted: Thu 10 Apr, 2014 4:13 pm
by Uncle Milty
only OpenSSL. OpenSSL provides a open source SSL version basically which is used for https. No https on this site afaik. User login should be using hash functions on the php authentication framework that doesn't transmit your login data plaintext-ly.
Re: Heartbleed
Posted: Thu 10 Apr, 2014 8:04 pm
by Nuclear Arbitor
some of the newest versions of OpenSSL, 1.0.1 and 1.0.2, released in 2012, have some problems that enable 64kb of memory to be retrieved.
wikipedia has a decent overview of it.
Re: Heartbleed
Posted: Fri 11 Apr, 2014 7:19 pm
by Lulgrim
Re: Heartbleed
Posted: Fri 11 Apr, 2014 7:28 pm
by BaptismByLoli
So basically, Heartbleed causes the server to go HAL 9000 and start spilling information about everything?
Re: Heartbleed
Posted: Fri 11 Apr, 2014 8:44 pm
by Uncle Milty
yes, as long as the SSL connection needs to be kept alive. Got fixed on newer versions tho and not all old versions were affected. really stupid bug