Author |
Message |
lord goldblade
Elite Baiter
Joined: 13 Jan 2011
Posts: 1553
Location: Slaying The Prophets Ov Isa
|
Posted:
Wed Apr 09, 2014 4:42 pm |
|
Just wondering really, is the media blowing this out of proportion or is it as bad as they are saying?
According to the BBC we should change every password we currently have?
http://www.bbc.co.uk/news/technology-26954540
Is it seriously that big of a bug? |
_________________ "You are not only poor but poor bush man who have no ambition to be rich"
"GO DRINK POISEN AND SLEEP THEN DIE FUCK WITH YOUR MONEY"
"i should have known that you are full of lies ,at first you told me you have a flying jet but i never knew that you were nothing but building upstairs on the sky"
"I like to sincerely thank you for all your disappointment,stress ,lies and frustrations,now I should have not gotten myself involved in the first place thanks to you all"
x13 x2 x2
Dead Phish - 350 |
|
|
|
music man
Baiting Guru
Joined: 22 Sep 2005
Posts: 14807
Location: East Harlemshire , yo!
|
Posted:
Wed Apr 09, 2014 6:07 pm |
|
It's pretty serious. This article gives a much better explanation as to why it's such a big deal.
Quote: |
The problem is fairly simple: there's a tiny vulnerability -- a simple missing bounds check -- in the code that handles TLS 'heartbeat' messages. By abusing this mechanism, an attacker can request that a running TLS server hand over a relatively large slice (up to 64KB) of its private memory space. Since this is the same memory space where OpenSSL also stores the server's private key material, an attacker can potentially obtain (a) long-term server private keys, (b) TLS session keys, (c) confidential data like passwords, (d) session ticket keys |
Quote: |
Any of the above may allow an attacker to decrypt ongoing TLS sessions or steal useful information. However item (a) above is by far the worst, since an attacker who obtains the server's main private keys can potentially decrypt past sessions (if made using the non-PFS RSA handshake) or impersonate the server going forward. Worst of all, the exploit leaves no trace. |
So, an attacker can steal the server private keys and go back and see everything on the server, both old stuff and new stuff as well. |
_________________ x2 x2 x104 x213 x4 x20 x4 x2 x1 x2 x2 x2 x2 x2 x13
You will rot in jail.watch your back- any shadow could be mine ! YOU ARE VERY EASY TO TRACK IN YOU NEIGHBOURHOOD ! DRUNKARD AND A SCUMBAG LIKE YOU!
mike lawrence (cheque scammer)
Go fuck your dead parents asshole!!!How can a deaf fool make clean money..The money that you have will never be spent on anything reasonable.
So fuck off..dont reply me again until the cops get your stinking ass...
Lyord Melson- cheque scammer
$4.002million and £214K in fake cheques taken out of circulation. (updated May 2009)
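The missing bounds check described in the article quoted above, as an added example that is not part of the original thread and is not OpenSSL's code. It models the heartbeat message layout from RFC 6520 (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding); the function names and the sample request are constructed for illustration, and the padding is zero-filled here where a real implementation uses random bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HEADER = 3, HB_MIN_PAD = 16 };

/* Length the unpatched logic would echo: it trusts the sender's length field. */
size_t unchecked_echo_len(const uint8_t *rec, size_t rec_len)
{
    return rec_len < HB_HEADER ? 0 : ((size_t)rec[1] << 8) | rec[2];
}

/* Hardened handler: returns the response length, or 0 if silently discarded. */
size_t heartbeat_reply(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_MIN_PAD || rec[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The bounds check: header + claimed payload + padding must fit. */
    if (HB_HEADER + claimed + HB_MIN_PAD > rec_len) return 0;
    size_t resp_len = HB_HEADER + claimed + HB_MIN_PAD;
    if (resp_len > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD); /* zero pad: sketch only */
    return resp_len;
}

/* Constructed sample request: claimed may differ from the real payload. */
static size_t make_request(uint8_t *buf, uint16_t claimed, const char *payload)
{
    size_t n = strlen(payload);
    buf[0] = HB_REQUEST;
    buf[1] = (uint8_t)(claimed >> 8);
    buf[2] = (uint8_t)(claimed & 0xff);
    memcpy(buf + HB_HEADER, payload, n);
    memset(buf + HB_HEADER + n, 0, HB_MIN_PAD);
    return HB_HEADER + n + HB_MIN_PAD;
}

int main(void)
{
    uint8_t rec[64], out[128];
    size_t n = make_request(rec, 0xFFFF, "x"); /* 1 real byte, claims 65535 */
    printf("unpatched would echo %zu bytes; hardened replies with %zu\n",
           unchecked_echo_len(rec, n), heartbeat_reply(rec, n, out, sizeof out));
}
```

The gap between the claimed length and the record actually received is the "up to 64KB" slice of memory the quoted article refers to; the hardened handler drops such a request without replying.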
|
|
|
|
lord goldblade
Elite Baiter
Joined: 13 Jan 2011
Posts: 1553
Location: Slaying The Prophets Ov Isa
|
Posted:
Wed Apr 09, 2014 6:42 pm |
|
I may go on a PW change-a-thon I think. (once the vulnerability is patched anyway) |
|
|
|
Fryer
Baiting Guru
Joined: 15 Mar 2008
Posts: 2672
Location: Global Computer Mega Cafe
|
Posted:
Wed Apr 09, 2014 8:20 pm |
|
^^ That's the trick. No use changing anything if the opening persists!! |
_________________ x 710 x N x 2 Click here for a Sure Fire Pith Helmet Modality
YOU ARE A MOTHERFUCKER SCUMBAG AND AN EMPTY VESSEL
FUCK YOU AND YOUR ENTIRE FAMILY . YOU ARE SATAN. YOU ARE ANTI-CHRIST
guy nawaaa for you oooh |
|
|
|
Salting the Gold mine
Master of Master Baiters
Joined: 03 Jan 2014
Posts: 993
Location: Living next door to Alice
|
Posted:
Wed Apr 09, 2014 11:35 pm |
|
When I was a boy,they used vinegar and brown paper. |
_________________ Thanks for the history,are you have now....what new version are we entry.perhaps the birth of Prince George junior and how Willie Kate Middleton made love and gave birth...o'h...o'h the queen is fight war in Afganistan...Lest i forget you made love to your ground mom last nite...Uncle tell me a knew story...are you happy now........Mr H0rn J3rry or was that Mr J3rry H0rn,I never really knew
-------------------------------------------------
Look Mr Man,you must be a joker to think you can't' play smart with me I was just following you to see where you land.Stop contacting me you are just a fucking shucking dick........J@me5.
x 187 x 60
100 in 1 = 101 |
|
|
|
bohigal
Baiting Guru
Joined: 01 Aug 2007
Posts: 7226
Location: Epstein's Delicatessen
|
Posted:
Thu Apr 10, 2014 12:34 am |
|
As I understand it, the process of stealing the information is also invisible, i.e. admins wouldn't even know it's happening. Ack. |
_________________
Stop typing in french, am seriously dissapointed....am just confused!!!
You will have my nuts in your hands as soon as i have the latrine in my hand & i will pay the goats to the lawyer
My dear with this only, it is clear you have contacted and communicated with Africa Fraudsters and even send funds to him. what a pity!
YOU ARE A WITCH. MAY YOU MENSURATE NON STOP TILL THE END OF YOUR LIFE
Team Hector:Lagos-Douala,Benin-Liberia,Senegal-Gambia-Mali-Chad, Egypt ,Awka w/ Shorty
Shorty Abidjan w/ Juan
Bibian
|
|
|
|
lord goldblade
Elite Baiter
Joined: 13 Jan 2011
Posts: 1553
Location: Slaying The Prophets Ov Isa
|
Posted:
Thu Apr 10, 2014 3:07 pm |
|
List of websites affected by this from the BBC with password change advice
http://www.bbc.co.uk/news/technology-26971363 |
|
|
|
Vampiremerchant
Baiting Guru
Joined: 01 Nov 2009
Posts: 3227
Location: Scotland
|
Posted:
Thu Apr 10, 2014 3:43 pm |
|
Luckily the only one that counts for me is my Bank and according to that list I have no need to change my PW
As to Google and Yahoo all accounts I have with them are to do with baiting and I am not too bothered with them |
_________________
x 35
x 100
(with thanks to Nigel Tuffnel)
My dear Brother , if I have to you to scam you, May the WROGHT of GOD be upon me and my generation |
|
|
|
Juan Freizwidatt
Associate
Joined: 18 Apr 2004
Posts: 20834
Location: Hanging out at In-n-Out
|
Posted:
Thu Apr 10, 2014 3:49 pm |
|
More than a little confusing:
Quote: |
Google said that logins for its services did not need to be reset unless they were used on other sites. |
(Other articles say the same about Gmail.)
Later in the same piece, in the list of major sites:
Quote: |
Google/Gmail
(Vulnerable?)
Yes
(Patched?)
Yes
(Change password?)
Yes |
|
_________________ "SATAN WILL KILL YOU . BECAUSE YOU ARE A DAUGHTER OF MERMAID"
"HOW DOES IT SOUND TO YOU THAT ANOTHER PERSON IS DEALING WITH YOU AND ASK YOU TO CONTACT ANOTHER PERSON AND NOW YOU SAID THAT YOU WANT TO DEAL WITH THE OTHER PERSON WITHOUT THE KNOWING OF THE PERSON THAT ASK YOU TO CONTACT THE OTHER PERSON"
I apologize again that I will lick the dust from your sandals - Shorty
x4: Shorty
x 16:
US lad w/Capone: ( )
- ATL>DC>ATL>Vegas>Seattle>ATL>San Diego>LA>ATL>Seattle>ATL>WY>ATL>Aspen>ATL (21K+ miles, $11K+ expenses)
Shorty w/bohigal:
- Lagos>Abidjan
Random lads:
- Douala>Korup; Lagos>Cotonou>Parakou; Cotonou>Niger border; Cotonou>Pendjari>jail in Tanguietta; Asaba>Abuja; Accra>Tamale
|
|
|
|
lord goldblade
Elite Baiter
Joined: 13 Jan 2011
Posts: 1553
Location: Slaying The Prophets Ov Isa
|
Posted:
Thu Apr 10, 2014 4:38 pm |
|
^^ I thought that too, I'm gonna reset all my RL passwords for Google to be on the safe side, baiting stuff not bothered with.
Luckily for me I don't think anything on that list affects me personally.... |
|
|
|
Juan Freizwidatt
Associate
Joined: 18 Apr 2004
Posts: 20834
Location: Hanging out at In-n-Out
|
Posted:
Thu Apr 10, 2014 6:09 pm |
|
I normally change my RL email password often anyway, I realized it's been nearly a year so I was overdue anyway.
Like you I'm not worried about my baiting accounts. |
|
|
|
|
loualsindor
Elite Baiter
Joined: 23 Mar 2012
Posts: 2001
Location: A little rock in a big ocean
|
Posted:
Thu Apr 10, 2014 6:16 pm |
|
As you might imagine, businesses with sensitive information are flipping out. I work for an airline, so the pile includes our stuff and all sorts of goodies from the Department of Transportation, Homeland Security, TSA, the list goes on and on.
I'm hiding under my desk until the dust clears. |
_________________ - 229
X 6
X 5
X 1
Budapest/Fiji - 22,500 miles
Save, Collines, Benin/Victoria Island, Nigeria - 448 miles on a bus
Save, Collines, Benin/Accra, Ghana - 700 miles on a bus
Evil Attorney epics - 22
- Why do you give shit about who i scammed you have to stop sticking ur nose on my shoes. Because it doesn't fit your noses
- Please bring me back before i hit my brain on a pan.
- This business is not like selling shoes and clothes in the market sir.
|
|
|
|
Ahmastin Geebougah
Master of Master Baiters
Joined: 13 Jan 2014
Posts: 698
|
Posted:
Thu Apr 10, 2014 8:02 pm |
|
One of my apps, SecureSafe patched a message to say that their site is NOT affected, which is just as well, because that's where I store my passwords, but I have a couple of RL addresses that could be vulnerable. |
|
|
|
|
piecrust
Elite Baiter
Joined: 29 Dec 2010
Posts: 1620
Location: Having chow with an old friend.
|
Posted:
Thu Apr 10, 2014 10:51 pm |
|
I use Lastpass, and that was vulnerable till this morning BST.
There's a URL checker here. |
_________________ *207 *193
* 47
You would look good in Gold
Never use windows auto-fill again, use something much more secure like lastpass for free.
"I am a man of hing reputation." - Loan lad Billy Hord.
"don't even think of given me that crap that you are Deaf and dump or my line is cut off , i don't have a phone please don't.." - Loan lad Billy Hord. (Having been baited to hell) |
|
|
|
music man
Baiting Guru
Joined: 22 Sep 2005
Posts: 14807
Location: East Harlemshire , yo!
|
Posted:
Fri Apr 11, 2014 7:25 pm |
|
Quote: |
I use Lastpass, and that was vulnerable till this morning BST |
Might want to read the rest of the blog post from LastPass
Quote: |
How does it affect LastPass?
LastPass utilizes OpenSSL for HTTPS/TLS/SSL encryption and we were therefore “vulnerable” to this bug. For anyone who was using this tool: http://filippo.io/Heartbleed/#lastpass.com to check whether LastPass was vulnerable, it would have shown that we were vulnerable until this morning, when we restarted our servers after the patched OpenSSL software update.
However, LastPass is unique in that your data is also encrypted with a key that LastPass servers don’t have access to. Your sensitive data is never transmitted over SSL unencrypted - it’s already encrypted when it is transmitted, with a key LastPass never receives. While this bug is still very serious, it could not expose LastPass customers’ encrypted data due to our extra layers of protection. On the majority of the web, user data is not encrypted before being transmitted over SSL, hence the widespread concern.
Also, LastPass has employed a feature called “perfect forward secrecy”. This ensures that when security keys are changed, past and future traffic also can’t be decrypted even when a particular security key is compromised. |
So, yes LP was using an iteration of OpenSSL which had been compromised BUT that does not mean your pw's had been compromised on THEIR server. However, your pw's MAY have been compromised on any other site with the relevant version of OpenSSL.
I really cannot emphasise how important it is to use a good password manager like LastPass, KeePass, RoboForm etc.
Set a very strong master password (12+ characters) randomised and make sure you keep a copy of that password somewhere safe (not on a PC/tablet/phone - preferably a piece of paper!). Make sure you use a random password generator with as many characters as possible (it doesn't matter because you don't have to remember them) and use a unique password for each site needing one.
If you need any more convincing I recommend reading the following article - http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/ |
|
|
|
|
Basinga
** WARNED **
Joined: 02 Aug 2013
Posts: 401
Location: Location: Location: Location: Sorry, can't find it
|
Posted:
Mon Apr 14, 2014 10:37 am |
|
|
|
|
|