We're not vulnerable to Heartbleed

Notes from, to, and regarding those administrating this forum.

We're not vulnerable to Heartbleed

Postby Jesse » Thu Apr 10, 2014 9:14 am

I'd just like to reassure everyone that we aren't vulnerable to the "Heartbleed" security issue that was recently found in OpenSSL. Given our...alternate security measures, not only do the tests for it (such as this one) not find it, they actually get confused by what we're doing.

We've known about this one for a while (right around the time it was introduced, back in 2012), and in fact have been using it in some of our mining / controller software. It's being stomped out rapidly now, but even though it'll still linger on for a good bit, certain...parties might be honey-potting scanners now, so I'm recommending we pull it, or at least modify it to only continue on sites it's succeeding at, auto-remove sites that get fixed, and drop the piece that scans for new targets. My full run-down on it can be found in the chained room, in the shape of that nice Heartbleed logo that they're using. (Looking at you here, Ramon, since you've been a lot more involved in that piece of it.)
Practice random acts of kindness and senseless beauty.
User avatar
Jesse
Muse
Muse
 
Posts: 99
Joined: Fri Dec 06, 2013 2:32 am
Location: The Beautiful Pacific NorthWest

Re: We're not vulnerable to Heartbleed

Postby Phil » Sun Apr 13, 2014 12:12 pm

Good to know. Thanks! After just dealing with the NSA bullshit, to have this come up would have driven me to suggest we all just say fuck it and go back to leaving messages on our Garden walls.
"Your job as a good player isn't to win money, it's to make good decisions." -- Mike Caro
User avatar
Phil
Catalyst
Catalyst
 
Posts: 430
Joined: Fri Oct 28, 2011 5:32 pm
Location: Las Vegas, NV


Return to Forum Administration

Who is online

Users browsing this forum: No registered users and 1 guest

cron