|
MykelSilver
|
|
April 08, 2014, 11:10:23 AM |
|
MtGox part two has began
|
|
|
|
S4VV4S
|
|
April 08, 2014, 11:25:40 AM |
|
Then someone should notify the administrators immediately.
|
|
|
|
dave111223
Legendary
Offline
Activity: 1190
Merit: 1001
|
|
April 08, 2014, 11:30:50 AM |
|
MtGox part two has began
Let's not be over dramatic it takes about 5 seconds to update openssl on the server. Which is looks like they have already done: http://filippo.io/Heartbleed/#bitstamp.netEDIT: however it appears logins are still disabled even after openssl has been updated; you can now feel free to start panicking.
|
|
|
|
btcfre@k (OP)
|
|
April 08, 2014, 01:12:57 PM |
|
i hope it will be fixed,if bitstamp didnt fix it yet
|
bitcoinanalyzer.com and havingbitcoin.com for sale
|
|
|
hdbuck
Legendary
Offline
Activity: 1260
Merit: 1002
|
|
April 08, 2014, 01:59:54 PM |
|
wtf is going on?
|
|
|
|
clownius
|
|
April 08, 2014, 02:03:27 PM |
|
wtf is going on?
Major exploit found in openSSL. Update is out to fix it but the vulnerability has existed for a long time so everyones scrambling to update all their keys as well as run updates. Expect many sites to suggest you update your passwords as they are possibly compromised.
|
|
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
|
|
April 08, 2014, 03:11:06 PM |
|
bitstamp.com is vulnerable in case you want to see what a vulnerable site looks like: http://filippo.io/Heartbleed/#bitstamp.comJust found it by accident when trying to test bitstamp.net, any typed it incorrectly. It appears the two sites are not related at all...
|
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
|
|
|
clownius
|
|
April 08, 2014, 04:00:50 PM |
|
all good, bitstamp.net not affected.. its already fixed
The damage may already be done. This vulnerability has existed for two years and has been know for a while by black hats. Just updating openSSL isnt enough. You also need to update your certs and assume you were listened in on or broken into previously and didnt notice. That means users should be changing their passwords once the new certs are in use at least as they may have already been rendered useless.
|
|
|
|
hdbuck
Legendary
Offline
Activity: 1260
Merit: 1002
|
|
April 08, 2014, 04:03:33 PM |
|
all good, bitstamp.net not affected.. its already fixed
The damage may already be done. This vulnerability has existed for two years and has been know for a while by black hats. Just updating openSSL isnt enough. You also need to update your certs and assume you were listened in on or broken into previously and didnt notice. That means users should be changing their passwords once the new certs are in use at least as they may have already been rendered useless. but no worries if we were using 2FA right? riiight?
|
|
|
|
Equate
|
|
April 08, 2014, 04:04:34 PM |
|
Mtgox V 2.0 Coming
|
|
|
|
clownius
|
|
April 08, 2014, 04:14:37 PM |
|
Mtgox V 2.0 Coming
The question is who though. Just about the entire Internet was vulnerable for the last two years.........
|
|
|
|
freedomno1
Legendary
Offline
Activity: 1820
Merit: 1090
Learning the troll avoidance button :)
|
|
April 08, 2014, 04:18:30 PM |
|
Well this one did spook me a bit it really is a matter of how fast they update at least from what I can understand about this bug didn't really look into heavy details yet
|
Believing in Bitcoins and it's ability to change the world
|
|
|
clownius
|
|
April 08, 2014, 04:24:37 PM |
|
Well this one did spook me a bit it really is a matter of how fast they update at least from what I can understand about this bug didn't really look into heavy details yet
Every serious server tech i know (and its quite a few) is currently very busy updating everything in sight lol The fix was in the works already when word leaked out about the vulnerability. So at that point it was announced and people scrambled to get the fixes live. Very fast work all around
|
|
|
|
rebuilder
Legendary
Offline
Activity: 1615
Merit: 1000
|
|
April 08, 2014, 04:33:25 PM |
|
all good, bitstamp.net not affected.. its already fixed
The damage may already be done. This vulnerability has existed for two years and has been know for a while by black hats. Just updating openSSL isnt enough. You also need to update your certs and assume you were listened in on or broken into previously and didnt notice. That means users should be changing their passwords once the new certs are in use at least as they may have already been rendered useless. but no worries if we were using 2FA right? riiight? Depends, I think an attacker could, in theory, have sniffed the seed to your 2fa codes when you enabled 2FA. That's probably quite unlikely, though.
|
Selling out to advertisers shows you respect neither yourself nor the rest of us. --------------------------------------------------------------- Too many low-quality posts? Mods not keeping things clean enough? Self-moderated threads let you keep signature spammers and trolls out!
|
|
|
freedomno1
Legendary
Offline
Activity: 1820
Merit: 1090
Learning the troll avoidance button :)
|
|
April 08, 2014, 04:36:08 PM |
|
Well this one did spook me a bit it really is a matter of how fast they update at least from what I can understand about this bug didn't really look into heavy details yet
Every serious server tech i know (and its quite a few) is currently very busy updating everything in sight lol The fix was in the works already when word leaked out about the vulnerability. So at that point it was announced and people scrambled to get the fixes live. Very fast work all around That's good to know was trying the testing server but I got a false negative message so I am assuming a lot of people are using the thing http://filippo.io/Heartbleed/Edit In: Nvm its working again
|
Believing in Bitcoins and it's ability to change the world
|
|
|
|