Bitcoin Forum
November 12, 2024, 02:34:13 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: BITSTAMP.NET HEARTBLEEDING?check this  (Read 1807 times)
btcfre@k (OP)
Sr. Member
****
Offline Offline

Activity: 286
Merit: 250


View Profile
April 08, 2014, 11:00:00 AM
 #1

Hi i read this news http://www.coindesk.com/major-security-flaw-heartbleed-puts-critical-services-risk/ so i went to the website http://filippo.io/Heartbleed/ to check if some exchange place are safe,btc-e was ok,but what was my surprise when i saw bitstamp was affected..
check this and let me know what you think about that

herbergeur d image

bitcoinanalyzer.com and havingbitcoin.com for sale
MykelSilver
Full Member
***
Offline Offline

Activity: 237
Merit: 100


View Profile
April 08, 2014, 11:10:23 AM
 #2

MtGox part two has began
S4VV4S
Hero Member
*****
Offline Offline

Activity: 1582
Merit: 502


View Profile
April 08, 2014, 11:25:40 AM
 #3

Then someone should notify the administrators immediately.
dave111223
Legendary
*
Offline Offline

Activity: 1190
Merit: 1001


View Profile WWW
April 08, 2014, 11:30:50 AM
 #4

MtGox part two has began

Let's not be over dramatic it takes about 5 seconds to update openssl on the server.

Which is looks like they have already done: http://filippo.io/Heartbleed/#bitstamp.net

EDIT: however it appears logins are still disabled even after openssl has been updated; you can now feel free to start panicking.

btcfre@k (OP)
Sr. Member
****
Offline Offline

Activity: 286
Merit: 250


View Profile
April 08, 2014, 01:12:57 PM
 #5

i hope it will be fixed,if bitstamp didnt fix it yet

bitcoinanalyzer.com and havingbitcoin.com for sale
hdbuck
Legendary
*
Offline Offline

Activity: 1260
Merit: 1002



View Profile
April 08, 2014, 01:59:54 PM
 #6

wtf is going on?
clownius
Sr. Member
****
Offline Offline

Activity: 448
Merit: 254


View Profile
April 08, 2014, 02:03:27 PM
 #7

wtf is going on?


Major exploit found in openSSL.  Update is out to fix it but the vulnerability has existed for a long time so everyones scrambling to update all their keys as well as run updates.  Expect many sites to suggest you update your passwords as they are possibly compromised.
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1137

All paid signature campaigns should be banned.


View Profile WWW
April 08, 2014, 03:11:06 PM
 #8

bitstamp.com is vulnerable in case you want to see what a vulnerable site looks like:

http://filippo.io/Heartbleed/#bitstamp.com

Just found it by accident when trying to test bitstamp.net, any typed it incorrectly. 

It appears the two sites are not related at all...

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
clownius
Sr. Member
****
Offline Offline

Activity: 448
Merit: 254


View Profile
April 08, 2014, 04:00:50 PM
 #9

all good, bitstamp.net not affected.. its already fixed

The damage may already be done.  This vulnerability has existed for two years and has been know for a while by black hats. 

Just updating openSSL isnt enough.  You also need to update your certs and assume you were listened in on or broken into previously and didnt notice.  That means users should be changing their passwords once the new certs are in use at least as they may have already been rendered useless.
hdbuck
Legendary
*
Offline Offline

Activity: 1260
Merit: 1002



View Profile
April 08, 2014, 04:03:33 PM
 #10

all good, bitstamp.net not affected.. its already fixed

The damage may already be done.  This vulnerability has existed for two years and has been know for a while by black hats.  

Just updating openSSL isnt enough.  You also need to update your certs and assume you were listened in on or broken into previously and didnt notice.  That means users should be changing their passwords once the new certs are in use at least as they may have already been rendered useless.

but no worries if we were using 2FA right? riiight?
Equate
Hero Member
*****
Offline Offline

Activity: 770
Merit: 500


View Profile
April 08, 2014, 04:04:34 PM
 #11

Mtgox V 2.0 Coming
clownius
Sr. Member
****
Offline Offline

Activity: 448
Merit: 254


View Profile
April 08, 2014, 04:14:37 PM
 #12

Mtgox V 2.0 Coming

The question is who though.  Just about the entire Internet was vulnerable for the last two years.........
freedomno1
Legendary
*
Offline Offline

Activity: 1820
Merit: 1090


Learning the troll avoidance button :)


View Profile
April 08, 2014, 04:18:30 PM
 #13

Well this one did spook me a bit it really is a matter of how fast they update at least from what I can understand about this bug didn't really look into heavy details yet

Believing in Bitcoins and it's ability to change the world
clownius
Sr. Member
****
Offline Offline

Activity: 448
Merit: 254


View Profile
April 08, 2014, 04:24:37 PM
 #14

Well this one did spook me a bit it really is a matter of how fast they update at least from what I can understand about this bug didn't really look into heavy details yet

Every serious server tech i know (and its quite a few) is currently very busy updating everything in sight lol

The fix was in the works already when word leaked out about the vulnerability.  So at that point it was announced and people scrambled to get the fixes live.  Very fast work all around
rebuilder
Legendary
*
Offline Offline

Activity: 1615
Merit: 1000



View Profile
April 08, 2014, 04:33:25 PM
 #15

all good, bitstamp.net not affected.. its already fixed

The damage may already be done.  This vulnerability has existed for two years and has been know for a while by black hats.  

Just updating openSSL isnt enough.  You also need to update your certs and assume you were listened in on or broken into previously and didnt notice.  That means users should be changing their passwords once the new certs are in use at least as they may have already been rendered useless.

but no worries if we were using 2FA right? riiight?


Depends, I think an attacker could, in theory, have sniffed the seed to your 2fa codes when you enabled 2FA. That's probably quite unlikely, though.

Selling out to advertisers shows you respect neither yourself nor the rest of us.
---------------------------------------------------------------
Too many low-quality posts? Mods not keeping things clean enough? Self-moderated threads let you keep signature spammers and trolls out!
freedomno1
Legendary
*
Offline Offline

Activity: 1820
Merit: 1090


Learning the troll avoidance button :)


View Profile
April 08, 2014, 04:36:08 PM
 #16

Well this one did spook me a bit it really is a matter of how fast they update at least from what I can understand about this bug didn't really look into heavy details yet

Every serious server tech i know (and its quite a few) is currently very busy updating everything in sight lol

The fix was in the works already when word leaked out about the vulnerability.  So at that point it was announced and people scrambled to get the fixes live.  Very fast work all around

That's good to know was trying the testing server but I got a false negative message so I am assuming a lot of people are using the thing
http://filippo.io/Heartbleed/

Edit In: Nvm its working again

Believing in Bitcoins and it's ability to change the world
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!