Heartbleed bug: need to reset passwords?

Post by Dot Matrix »

This has just been reported on the BBC news website: Heartbleed Bug: Public urged to reset all passwords. It's a flaw in OpenSSL that's been around for over two years.

How serious a problem is it? "Catastrophic. On a scale of 1 to 10, this is an 11."

Amazon's hosting service is mentioned (in the context of Minecraft) in a related BBC article: Scramble to fix huge 'heartbleed' security bug.

Do Kitely users need to do anything? If so, what?

Post by Ilan Tochner »

Hi Dot,

We've checked and our service doesn't use the OpenSSL library, so there shouldn't be anything to patch in Kitely.

Post by Constance Peregrine »

Let it be and let it pass, the world goes on by itself!
My little sounds store https://www.kitely.com/market?store=2040306

Ephemeral wanderer...

Post by Cecil Gudkov »

FIRST OF ALL KITELY DOESN'T USE THE OpenSSL Library! ALL IS SECURE HERE WITH THIS SECURITY ISSUE!

As of 7th April, we became aware of a serious security issue called “Heartbleed” in the OpenSSL encryption software that is widely used today. This problem has the potential to affect anyone who has any kind of online account. This vulnerability could allow intruders to access private encrypted data that is transferred online.
If possible, you should set up two-level authorisation on these services. This can be done by registering your mobile phone number with them or setting up a secret question etc...
Before changing a password or logging in to a website, you should make sure that the site has also had this vulnerability removed – you may do so by performing an SSL Server test: https://www.ssllabs.com/ssltest

It's better for you guys to set up two-level authorisation on these services!
Change to a new password that should consist of capital letters, lower-case letters and numbers.
The password should be at least 8 characters long.


Hope this info is useful for some of you!

by Cecil

Post by Handy Low »

Cecil Gudkov wrote: password that should consist of capital letters, lower-case letters and numbers.
Not really. I'll put this here: http://xkcd.com/936/
(For those that know it, it's the "correct horse battery staple" one).

As we've talked about before in these forums, we really need longer passwords for viewer logins, but it's not something that can be fixed just in Kitely.
Handy Low