And you can visit [url=filippo.io/Heartbleed/]this page[/url] to test a server for Heartbleed
Luckily we have our magic wizard Jey protecting us Sonatians
| Star Sonata http://forum.starsonata.com/ |
|
| Heartbleed http://forum.starsonata.com/viewtopic.php?f=4&t=58641 |
Page 1 of 1 |
| Author: | dreadlordnaf [ Wed Apr 09, 2014 1:30 pm ] |
| Post subject: | Heartbleed |
FYI this is a pretty significant vulnerability that will affect most people who use the internet or have the last couple years on sites they assumed were secure. http://www.usatoday.com/story/tech/2014 ... s/7501033/ You can also Google it to learn more. |
|
| Author: | The Vert [ Wed Apr 09, 2014 2:08 pm ] |
| Post subject: | Re: Heartbleed |
And you can visit [url=filippo.io/Heartbleed/]this page[/url] to test a server for Heartbleed Luckily we have our magic wizard Jey protecting us Sonatians
|
|
| Author: | bageese [ Thu Apr 10, 2014 12:41 pm ] |
| Post subject: | Re: Heartbleed |
And here's your official response! http://www.starsonata.com/news/star-son ... eartbleed/ How Jey explained how we used the software, there was hardly any risk to Star Sonata players, but we ARE patched now and everything's good. |
|
| Author: | rand4505 [ Thu Apr 10, 2014 4:03 pm ] |
| Post subject: | Re: Heartbleed |
bageese wrote: And here's your official response! http://www.starsonata.com/news/star-son ... eartbleed/ How Jey explained how we used the software, there was hardly any risk to Star Sonata players, but we ARE patched now and everything's good. Well first off, you have to be actually using OpenSSL to be affected by the Heartbleed issue. And as everyone should already know, all Player level communications are transmitted in the clear, zero encrypted communications, between the server and the player, including your password and login from the client. The only area Starsonata has that uses ANY encryption is the area containing the subscription information, and everyone should be able to check that from there browser, Hello little green padlock, I see you, all is good in browser land. Nothing to see here, move along, move along. You might try checking your cert pinning to see if the certs have been reissued since the Heartbleed discovery. Gotta love handwaving, Move Along, Move Along. |
|
| Author: | anilv [ Thu Apr 10, 2014 7:19 pm ] |
| Post subject: | Re: Heartbleed |
Didn't they start encrypting login info a month or so ago? |
|
| Author: | Zekk [ Fri Apr 11, 2014 7:51 pm ] |
| Post subject: | Re: Heartbleed |
anilv wrote: Didn't they start encrypting login info a month or so ago? Probably not. From what I hear, OpenSSL is a pain in the ass to use: crappy C code... |
|
| Author: | anilv [ Fri Apr 11, 2014 8:03 pm ] |
| Post subject: | Re: Heartbleed |
I distinctly remember Jey saying that the chat client no longer works because it was not updated to handle encrypted logins. |
|
| Page 1 of 1 | All times are UTC - 5 hours |
| Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/ |
|