 Heartbleed bug

lord goldblade
Elite Baiter


Joined: 13 Jan 2011
Posts: 1553
Location: Slaying The Prophets Ov Isa


Posted: Wed Apr 09, 2014 4:42 pm

Just wondering really, is the media blowing this out of proportion or is it as bad as they are saying?

According to the BBC we should change every password we currently have?

http://www.bbc.co.uk/news/technology-26954540


Is it seriously that big of a bug?

_________________
"You are not only poor but poor bush man who have no ambition to be rich"

"GO DRINK POISEN AND SLEEP THEN DIE FUCK WITH YOUR MONEY"

"i should have known that you are full of lies ,at first you told me you have a flying jet but i never knew that you were nothing but building upstairs on the sky"

"I like to sincerely thank you for all your disappointment,stress ,lies and frustrations,now I should have not gotten myself involved in the first place thanks to you all"

Easter 2015Closed lad accounts x13 Nigeria x2 United Kingdom x2 Malaysia United States China Easter Egg 2011 Ivory Coast Burkina Faso

Dead Phish - 350
music man
Moderator


Joined: 22 Sep 2005
Posts: 14298
Location: East Harlemshire , yo!


Posted: Wed Apr 09, 2014 6:07 pm

It's pretty serious. This article gives a much better explanation as to why it's such a big deal.

Quote:
The problem is fairly simple: there's a tiny vulnerability -- a simple missing bounds check -- in the code that handles TLS 'heartbeat' messages. By abusing this mechanism, an attacker can request that a running TLS server hand over a relatively large slice (up to 64KB) of its private memory space. Since this is the same memory space where OpenSSL also stores the server's private key material, an attacker can potentially obtain (a) long-term server private keys, (b) TLS session keys, (c) confidential data like passwords, (d) session ticket keys


Quote:
Any of the above may allow an attacker to decrypt ongoing TLS sessions or steal useful information. However item (a) above is by far the worst, since an attacker who obtains the server's main private keys can potentially decrypt past sessions (if made using the non-PFS RSA handshake) or impersonate the server going forward. Worst of all, the exploit leaves no trace.


So, an attacker can steal the server private keys and go back and see everything on the server, both old stuff and new stuff as well.

_________________
Switzerland x2 Netherlands x2 Filipino flag United States x104 United Kingdom x213 Portugal x4 Spain x20 Belgium x4 Canada Hong Kong Italy x2 x1 France x2 Russia x2 Luxembourg Australia x2 Sweden x2 Czech Republic x2 Mortar x13

You will rot in jail.watch your back- any shadow could be mine ! YOU ARE VERY EASY TO TRACK IN YOU NEIGHBOURHOOD ! DRUNKARD AND A SCUMBAG LIKE YOU!
mike lawrence (cheque scammer)

Go fuck your dead parents asshole!!!How can a deaf fool make clean money..The money that you have will never be spent on anything reasonable.
So fuck off..dont reply me again until the cops get your stinking ass...
Lyord Melson- cheque scammer
$4.002million and £214K in fake cheques taken out of circulation. (updated May 2009)
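
The missing bounds check described in the article quoted above, as an added example that is not part of the original post and is not OpenSSL's own code. The message layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding) follows RFC 6520; the function names and the two sample records are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request message type (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response message type */
#define HB_HEADER   3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  16  /* RFC 6520 requires at least 16 padding bytes */

/* Constructed sample records (not captured traffic); unset bytes are zero padding. */
static const uint8_t HONEST[23] = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t LYING[20]  = {HB_REQUEST, 0x40, 0x00, 'x'}; /* claims 16384 bytes */

/* Payload length the sender claims, read big-endian from the header. */
static size_t hb_claimed_len(const uint8_t *msg) {
    return ((size_t)msg[1] << 8) | msg[2];
}

/* Bytes beyond the received record that a handler WITHOUT the bounds check
 * would copy into its reply. 0 means the claimed length fits the record. */
size_t hb_overread_bytes(const uint8_t *msg, size_t rec_len) {
    if (rec_len < HB_HEADER) return 0;
    size_t claimed = hb_claimed_len(msg);
    size_t present = rec_len - HB_HEADER;
    return claimed > present ? claimed - present : 0;
}

/* Hardened handler: writes the echo reply into out and returns its length,
 * or returns -1 and writes nothing when the request must be discarded. */
long hb_build_response(const uint8_t *msg, size_t rec_len,
                       uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HEADER + HB_MIN_PAD) return -1;  /* too short to parse */
    if (msg[0] != HB_REQUEST) return -1;
    size_t claimed = hb_claimed_len(msg);
    size_t total = HB_HEADER + claimed + HB_MIN_PAD;
    if (total > rec_len) return -1;   /* the bounds check: claimed length must fit */
    if (total > out_cap) return -1;
    out[0] = HB_RESPONSE;
    out[1] = msg[1];
    out[2] = msg[2];
    memcpy(out + HB_HEADER, msg + HB_HEADER, claimed); /* stays inside the record */
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD);  /* zeros here; real padding is random */
    return (long)total;
}

int main(void) {
    uint8_t out[64];
    printf("honest: reply %ld bytes\n", hb_build_response(HONEST, sizeof HONEST, out, sizeof out));
    printf("lying:  reply %ld\n", hb_build_response(LYING, sizeof LYING, out, sizeof out));
    printf("lying:  unchecked over-read %zu bytes\n", hb_overread_bytes(LYING, sizeof LYING));
    return 0;
}
```

A nonzero `hb_overread_bytes` result is also the condition a network sensor can flag: a heartbeat request whose claimed payload length exceeds the bytes actually carried in the record.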
lord goldblade
Elite Baiter


Joined: 13 Jan 2011
Posts: 1553
Location: Slaying The Prophets Ov Isa


Posted: Wed Apr 09, 2014 6:42 pm

I may go on a PW change-a-thon I think. (once the vulnerability is patched anyway)

Fryer
Just a Jonkey


Joined: 15 Mar 2008
Posts: 2535
Location: Global Computer Mega Cafe


Posted: Wed Apr 09, 2014 8:20 pm

^^ That's the trick. No use changing anything if the opening persists!!

_________________
Easter 2015Whip Goat x 709 Closed lad accounts x N United States x 2 Nurse Nastys Audi TT Click here for a Sure Fire Pith Helmet Modality
YOU ARE A MOTHERFUCKER SCUMBAG AND AN EMPTY VESSEL
FUCK YOU AND YOUR ENTIRE FAMILY . YOU ARE SATAN. YOU ARE ANTI-CHRIST
guy nawaaa for you oooh
Salting the Gold mine
Master of Master Baiters


Joined: 03 Jan 2014
Posts: 993
Location: Living next door to Alice


Posted: Wed Apr 09, 2014 11:35 pm

When I was a boy, they used vinegar and brown paper.

_________________
Thanks for the history,are you have now....what new version are we entry.perhaps the birth of Prince George junior and how Willie Kate Middleton made love and gave birth...o'h...o'h the queen is fight war in Afganistan...Lest i forget you made love to your ground mom last nite...Uncle tell me a knew story...are you happy now........Mr H0rn J3rry or was that Mr J3rry H0rn,I never really knew Smile
-------------------------------------------------
Look Mr Man,you must be a joker to think you can't' play smart with me I was just following you to see where you land.Stop contacting me you are just a fucking shucking [email protected]

Closed lad accounts x 187 x 60

100 in 1 = 101
bohigal
Baiting Guru


Joined: 01 Aug 2007
Posts: 7227
Location: Epstein's Delicatessen


Posted: Thu Apr 10, 2014 12:34 am

As I understand it, the process of stealing the information is also invisible, i.e. admins wouldn't even know it's happening. Ack.

_________________

Stop typing in french, am seriously dissapointed....am just confused!!!
You will have my nuts in your hands as soon as i have the latrine in my hand & i will pay the goats to the lawyer
My dear with this only, it is clear you have contacted and communicated with Africa Fraudsters and even send funds to him. what a pity!
YOU ARE A WITCH. MAY YOU MENSURATE NON STOP TILL THE END OF YOUR LIFE
Golden PithSafari Mortar Tattoo Vcamera Closed lad accountsSand Timer Team Hector:Lagos-Douala,Benin-Liberia,Senegal-Gambia-Mali-Chad, Egypt ,Awka w/ Shorty
Sand Timer Sand Timer Shorty Safari Abidjan w/ Juan
Safari Bibian
Closed lad accounts Cellphone pony Mc Fry Mc Fry Easter Egg 2013
Donate to Eater
lord goldblade
Elite Baiter


Joined: 13 Jan 2011
Posts: 1553
Location: Slaying The Prophets Ov Isa


Posted: Thu Apr 10, 2014 3:07 pm

List of websites affected by this from the BBC with password change advice

http://www.bbc.co.uk/news/technology-26971363

Vampiremerchant
Baiting Guru


Joined: 01 Nov 2009
Posts: 3191
Location: Scotland


Posted: Thu Apr 10, 2014 3:43 pm

Luckily the only one that counts for me is my Bank and according to that list I have no need to change my PW

As to Google and Yahoo all accounts I have with them are to do with baiting and I am not too bothered with them

_________________
* Help Keep Eater Running - Click here to donate


Closed lad accounts x 35 Easter Egg

Mortar x 100

Thailand (with thanks to Nigel Tuffnel)
Thailand United Kingdom
Thailand
Thailand
Thailand









My dear Brother , if I have to you to scam you, May the WROGHT of GOD be upon me and my generation
Juan Freizwidatt
Forum Admin


Joined: 18 Apr 2004
Posts: 20072
Location: Hanging out at In-n-Out


Posted: Thu Apr 10, 2014 3:49 pm

More than a little confusing:

Quote:
Google said that logins for its services did not need to be reset unless they were used on other sites.


(Other articles say the same about Gmail.)

Later in the same piece, in the list of major sites:

Quote:
Google/Gmail

(Vulnerable?)
Yes

(Patched?)
Yes

(Change password?)
Yes


Confused

_________________
"SATAN WILL KILL YOU . BECAUSE YOU ARE A DAUGHTER OF MERMAID"

"HOW DOES IT SOUND TO YOU THAT ANOTHER PERSON IS DEALING WITH YOU AND ASK YOU TO CONTACT ANOTHER PERSON AND NOW YOU SAID THAT YOU WANT TO DEAL WITH THE OTHER PERSON WITHOUT THE KNOWING OF THE PERSON THAT ASK YOU TO CONTACT THE OTHER PERSON"

"I apologize again that I will lick the dust from your sandals." - Shorty

Sand Timer x4: Shorty
Safari x 16:
US lad w/Capone: ( Golden Pith ) Black Ribbon
- ATL>DC>ATL>Vegas>Seattle>ATL>San Diego>LA>ATL>Seattle>ATL>WY>ATL>Aspen>ATL (21K+ miles, $11K+ expenses)
Shorty w/bohigal:
- Lagos>Abidjan
Random lads:
- Douala>Korup; Lagos>Cotonou>Parakou; Cotonou>Niger border; Cotonou>Pendjari>jail in Tanguietta; Asaba>Abuja; Accra>Tamale
Purple Flower Goat Jack Boot Whip
lord goldblade
Elite Baiter


Joined: 13 Jan 2011
Posts: 1553
Location: Slaying The Prophets Ov Isa


Posted: Thu Apr 10, 2014 4:38 pm

^^ I thought that too, I'm gonna reset all my RL passwords for Google to be on the safe side, baiting stuff not bothered with.

Luckily for me I don't think anything on that list affects me personally....

Juan Freizwidatt
Forum Admin


Joined: 18 Apr 2004
Posts: 20072
Location: Hanging out at In-n-Out


Posted: Thu Apr 10, 2014 6:09 pm

I normally change my RL email password often anyway, I realized it's been nearly a year so I was overdue anyway.

Like you I'm not worried about my baiting accounts.

loualsindor
Evil attorney in for the long haul


Joined: 23 Mar 2012
Posts: 1974
Location: A little rock in a big ocean


Posted: Thu Apr 10, 2014 6:16 pm

As you might imagine, businesses with sensitive information are flipping out. I work for an airline, so the pile includes our stuff and all sorts of goodies from the Department of Transportation, Homeland Security, TSA, the list goes on and on.

I'm hiding under my desk until the dust clears.

_________________
Closed lad accounts - 227

Easter Egg 2013

Sand Timer X 6
Sand Timer Sand Timer X 5
Sand Timer Sand Timer Sand Timer X 1

Safari Budapest/Fiji - 22,500 miles
Safari Save, Collines, Benin/Victoria Island, Nigeria - 448 miles on a bus
Safari Save, Collines, Benin/Accra, Ghana - 700 miles on a bus

Evil Attorney epics - 22

- Why do you give shit about who i scammed you have to stop sticking ur nose on my shoes. Because it doesn't fit your noses
- Please bring me back before i hit my brain on a pan.
- This business is not like selling shoes and clothes in the market sir.

* Help Keep Eater Running - Click here to donate
Ahmastin Geebougah
Master of Master Baiters


Joined: 13 Jan 2014
Posts: 698


Posted: Thu Apr 10, 2014 8:02 pm

One of my apps, SecureSafe, patched a message to say that their site is NOT affected, which is just as well, because that's where I store my passwords, but I have a couple of RL addresses that could be vulnerable.
piecrust
Elite Baiter


Joined: 29 Dec 2010
Posts: 1606
Location: Alright! Who stole my avatar?


Posted: Thu Apr 10, 2014 10:51 pm

I use Lastpass, and that was vulnerable till this morning BST. Shocked

There's a URL checker here.

_________________
Closed lad accounts*207 *193
ThailandGhanaUnited KingdomTogoNigeriaIsle Of ManIvory CoastIndonesiaHong KongSpainUnited StatesSenegalSwedenIreland * 47
Mortar
You would look good in Gold
Never use windows auto-fill again, use something much more secure like lastpass for free.

"I am a man of hing reputation." - Loan lad Billy Hord.
"don't even think of given me that crap that you are Deaf and dump or my line is cut off , i don't have a phone please don't.." - Loan lad Billy Hord. (Having been baited to hell)
music man
Moderator


Joined: 22 Sep 2005
Posts: 14298
Location: East Harlemshire , yo!


Posted: Fri Apr 11, 2014 7:25 pm

Quote:

I use Lastpass, and that was vulnerable till this morning BST


Might want to read the rest of the blog post from LastPass:
Quote:
How does it affect LastPass?

LastPass utilizes OpenSSL for HTTPS/TLS/SSL encryption and we were therefore “vulnerable” to this bug. For anyone who was using this tool: http://filippo.io/Heartbleed/#lastpass.com to check whether LastPass was vulnerable, it would have shown that we were vulnerable until this morning, when we restarted our servers after the patched OpenSSL software update.

However, LastPass is unique in that your data is also encrypted with a key that LastPass servers don’t have access to. Your sensitive data is never transmitted over SSL unencrypted - it’s already encrypted when it is transmitted, with a key LastPass never receives. While this bug is still very serious, it could not expose LastPass customers’ encrypted data due to our extra layers of protection. On the majority of the web, user data is not encrypted before being transmitted over SSL, hence the widespread concern.

Also, LastPass has employed a feature called “perfect forward secrecy”. This ensures that when security keys are changed, past and future traffic also can’t be decrypted even when a particular security key is compromised.


So, yes, LP was using an iteration of OpenSSL which had been compromised BUT that does not mean your pw's had been compromised on THEIR server. However, your pw's MAY have been compromised on any other site with the relevant version of OpenSSL.

I really cannot emphasise how important it is to use a good password manager like LastPass, KeePass, RoboForm etc.

Set a very strong master password (12+ characters) randomised and make sure you keep a copy of that password somewhere safe (not on a PC/tablet/phone - preferably a piece of paper!). Make sure you use a random password generator with as many characters as possible (it doesn't matter because you don't have to remember them) and use a unique password for each site needing one.

If you need any more convincing I recommend reading the following article - http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

Basinga
** WARNED **


Joined: 02 Aug 2013
Posts: 401
Location: Location: Location: Location: Sorry, can't find it


Posted: Mon Apr 14, 2014 10:37 am

The best explanation I've seen:

http://xkcd.com/1354/

Yeah, time to change passwords I think...