This has just been reported on the BBC news website: Heartbleed Bug: Public urged to reset all passwords. It's a flaw in OpenSSL that's been around for over two years.
How serious a problem is it? "Catastrophic. On a scale of 1 to 10, this is an 11."
Amazon's hosting service is mentioned (in the context of Minecraft) in a related BBC article: Scramble to fix huge 'heartbleed' security bug.
Do Kitely users need to do anything? If so, what?
Heartbleed bug: need to reset passwords?
- Dot Matrix
- Posts: 1625
- Joined: Sun Jul 28, 2013 3:26 am
- Has thanked: 1209 times
- Been thanked: 2324 times
- Ilan Tochner
- Posts: 6518
- Joined: Sun Dec 23, 2012 8:44 am
- Has thanked: 4972 times
- Been thanked: 4469 times
Re: Heartbleed bug: need to reset passwords?
Hi Dot,
We've checked and our service doesn't use the OpenSSL library, so there shouldn't be anything to patch in Kitely.
- These users thanked the author Ilan Tochner for the post:
- Selby Evans
- Constance Peregrine
- Posts: 2349
- Joined: Sun Dec 23, 2012 11:35 am
- Has thanked: 2778 times
- Been thanked: 1482 times
Re: Heartbleed bug: need to reset passwords?
Let do and let pass, the world goes on by itself!
My little sounds store https://www.kitely.com/market?store=2040306
Ephemeral wanderer...
- Cecil Gudkov
- Posts: 24
- Joined: Sun Feb 24, 2013 11:15 pm
- Has thanked: 44 times
- Been thanked: 19 times
Re: Heartbleed bug: need to reset passwords?
FIRST OF ALL KITELY DOESN'T USE THE OpenSSL Library! ALL IS SECURE HERE WITH THIS SECURITY ISSUE!
As of 7th April, we became aware of a serious security issue called “Heartbleed” in the OpenSSL encryption software that is widely used today. This problem has the potential to affect anyone who has any kind of online account. This vulnerability could allow intruders to access private encrypted data that is transferred online.
If possible, you should set up two-level authorisation on these services. This can be done by registering your mobile phone number with them or setting up a secret question etc...
Before changing a password or logging in to a website, you should make sure that the site has also had this vulnerability removed – you may do so by performing an SSL Server test: https://www.ssllabs.com/ssltest
It's better for you guys to set up two-level authorisation on these services!
Change to a new password that should consist of capital letters, lower-case letters and numbers.
The password should be at least 8 characters long.
Hope this info is useful for some of you!
by Cecil
- These users thanked the author Cecil Gudkov for the post:
- oopsee joseppe
- Handy Low
- Posts: 231
- Joined: Fri Nov 08, 2013 3:38 pm
- Location: Yorkshire, England
- Has thanked: 207 times
- Been thanked: 140 times
Re: Heartbleed bug: need to reset passwords?
Cecil Gudkov wrote: password that should consist of capital letters, lower-case letters and numbers.
Not really. I'll put this here: http://xkcd.com/936/
(For those that know it, it's the "correct horse battery staple" one).
As we've talked about before in these forums, we really need longer passwords for viewer logins, but it's not something that can be fixed just in Kitely.
Handy Low