Post new topic Reply to topic  [ 7 posts ] 
Author Message
User avatar
Team: Star Revolution X
Rank: Councilor
Main: DreadLordNaf
Level: 12667

Joined: Sun Mar 18, 2012 10:33 am
Posts: 677
Post Heartbleed
FYI this is a pretty significant vulnerability that will affect most people who use the internet or have the last couple years on sites they assumed were secure.

http://www.usatoday.com/story/tech/2014 ... s/7501033/

You can also Google it to learn more.


Wed Apr 09, 2014 1:30 pm
Profile
User avatar
Main: The Vert
Level: 60

Joined: Thu Sep 19, 2013 11:30 am
Posts: 1239
Post Re: Heartbleed
And you can visit [url=filippo.io/Heartbleed/]this page[/url] to test a server for Heartbleed :)

Luckily we have our magic wizard Jey protecting us Sonatians :D

_________________
Important bug reporting information:

Please check these Bug report guidelines before you make your first bug report, or if you are uncertain on how to do it.


Wed Apr 09, 2014 2:08 pm
Profile
Support/PR Administrator
User avatar
Main: Bageese
Level: 14

Joined: Mon Jun 04, 2012 11:56 pm
Posts: 1102
Post Re: Heartbleed
And here's your official response! http://www.starsonata.com/news/star-son ... eartbleed/

How Jey explained how we used the software, there was hardly any risk to Star Sonata players, but we ARE patched now and everything's good.

_________________
My personal blog where I talk more about video games!
For support please create a ticket here and I will get back to you as soon as I can.


Thu Apr 10, 2014 12:41 pm
Profile
User avatar
Team: Aidelon
Rank: Operator
Main: Hooch Dealer
Level: 4224

Joined: Sun Aug 07, 2005 2:20 pm
Posts: 1353
Location: Who is John Galt?
Post Re: Heartbleed
bageese wrote:
And here's your official response! http://www.starsonata.com/news/star-son ... eartbleed/

How Jey explained how we used the software, there was hardly any risk to Star Sonata players, but we ARE patched now and everything's good.



Well first off, you have to be actually using OpenSSL to be affected by the Heartbleed issue. And as everyone should already know, all Player level communications are transmitted in the clear, zero encrypted communications, between the server and the player, including your password and login from the client.

The only area Starsonata has that uses ANY encryption is the area containing the subscription information, and everyone should be able to check that from there browser, Hello little green padlock, I see you, all is good in browser land. Nothing to see here, move along, move along.

You might try checking your cert pinning to see if the certs have been reissued since the Heartbleed discovery.

Gotta love handwaving, Move Along, Move Along.

_________________
3 Basic types of players(quitters, losers, and winners) Choose your own fate.

http://www.gbtv.com
http://www.theblaze.com


Thu Apr 10, 2014 4:03 pm
Profile YIM
over 9000!
User avatar
Main: enkelin
Level: 5600

Joined: Wed Aug 01, 2007 12:28 pm
Posts: 11109
Post Re: Heartbleed
Didn't they start encrypting login info a month or so ago?

_________________
Hi, I'm Anil, a long-time player turned developer. I am Star Sonata's lead content developer, which means that I run weekly dev meetings and make sure that any proposed changes to the game receive proper review before going live.

http://www.starsonata.com/features


Thu Apr 10, 2014 7:19 pm
Profile
Member
User avatar
Team: Traders
Rank:
Main: Kyp
Level: 3482

Joined: Mon Oct 25, 2004 8:49 pm
Posts: 1172
Location: my desk
Post Re: Heartbleed
anilv wrote:
Didn't they start encrypting login info a month or so ago?

Probably not. From what I hear, OpenSSL is a pain in the ass to use: crappy C code...

_________________
Pies are yummy.


Fri Apr 11, 2014 7:51 pm
Profile
over 9000!
User avatar
Main: enkelin
Level: 5600

Joined: Wed Aug 01, 2007 12:28 pm
Posts: 11109
Post Re: Heartbleed
I distinctly remember Jey saying that the chat client no longer works because it was not updated to handle encrypted logins.

_________________
Hi, I'm Anil, a long-time player turned developer. I am Star Sonata's lead content developer, which means that I run weekly dev meetings and make sure that any proposed changes to the game receive proper review before going live.

http://www.starsonata.com/features


Fri Apr 11, 2014 8:03 pm
Profile
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 


Who is online

Users browsing this forum: No registered users and 9 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
cron
Powered by phpBB © phpBB Group.