
About the Heartbleed bug

A majority of people here probably heard about the Heartbleed bug, be it through news, the Nexon website, friends, social networks etc. Most people out there seem to be misinformed in some aspects of the bug, so I decided to make a thread to clarify everything. If you wish to read it, there's a whole page dedicated to clarifying everything about the bug [url=http://heartbleed.com/]here[/url]; this is just the shortened version.

[header]What is Heartbleed?[/header]

Heartbleed is a flaw in OpenSSL, which is the cryptographic software used to encode things like login info all over the world. In basic terms, the bug lets anyone connected to the Internet get access to the OpenSSL database without leaving traces of entry. Going more in depth, it allows any invader to obtain access to a lot of information, including encrypted usernames/passwords, information stored in the server (emails, financial information, private messages etc.) and finally the encryption keys themselves.

[header]When was Heartbleed discovered?[/header]

The discovery of the bug was on the 7th of April of 2014, but the bug has been out there since early 2012. Since the invasion by the bug doesn't leave a trace, it's unknown whether or not the bug was known by hackers before and for how long it has been something known by people with malicious intent.

[header]How do I protect myself against this bug?[/header]

First of all, use [url=http://filippo.io/Heartbleed/]this[/url] site to test whether or not the site is safe; looking for another testing website to confirm if it's completely safe is recommended, but not obligatory. If the site is safe, change your password in it to a password you [i]haven't used before[/i]; using the same password you use in other sites may pose a security risk even more so than it'd be before the bug was discovered, so use an entirely new password this time. You could use the same new password for all other unaffected/fixed sites, but I'd say to use a new password for the same reasons it'd be recommended to use different passwords before the discovery of the Heartbleed bug.

If the site doesn't have it patched, don't change your password to the new password or at all, just wait until the owner updates their OpenSSL version to the version without the vulnerability.

I'm by no means an expert in this issue, so if you have any additional info on this subject or have anything you'd like to correct me on, feel free to do so. I've probably left some things out, so if you have questions, either read the Heartbleed site or send them this way. Quote me on your posts either way so it's more likely I'll see them.

If you use Google Chrome as your internet browser, you can get the Chromebleed extension to check for the bug in a site automatically. (thanks to @fun2killu!)

Both Nexon's website and Basilmarket are safe from the bug, just change your password as described above. You can check with the other website if you want to be completely sure. Furthermore, the LastPass website Nexon gave us to test if the site is safe or not isn't completely accurate: use the filippo website to test for Heartbleed, not LastPass. (thanks to @BobR!)

http://www.cbc.ca/news/technology/heartbleed-web-security-bug-what-you-need-to-know-1.26'88 has more information on the bug.

April 10, 2014
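What the flaw looks like at code level, as an added example that is not part of the original post and is not OpenSSL's code: a simplified C model of a TLS heartbeat reply, without and with the length check that the fix introduced. The function names, the arena layout and the placeholder secret are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3    /* 1-byte type + 2-byte claimed payload length */
#define HB_PADDING 16   /* minimum padding required by RFC 6520 */

/* Pre-fix logic: echoes as many bytes as the sender CLAIMS to have sent.
 * rec_len (bytes that really arrived) is never consulted: that is the defect. */
size_t hb_reply_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    (void)rec_len;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > out_cap) return 0;
    memcpy(out, rec + HB_HEADER, claimed);   /* can run past the record */
    return claimed;
}

/* Fixed logic: discard silently when the claim does not fit the record. */
size_t hb_reply_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_PADDING) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + claimed + HB_PADDING > rec_len) return 0;
    if (claimed > out_cap) return 0;
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

/* Constructed demo: a 64-byte arena stands in for server memory, so the
 * over-read stays inside one valid buffer. Record first, then a fake secret. */
size_t demo(int checked, uint8_t *out, size_t out_cap)
{
    uint8_t arena[64] = {0};
    const size_t rec_len = HB_HEADER + 4 + HB_PADDING;  /* 23 bytes really sent */
    arena[0] = 1; arena[2] = 40;   /* request type; claims 40 payload bytes */
    memcpy(arena + HB_HEADER, "ping", 4);                /* real payload: 4 bytes */
    memcpy(arena + rec_len, "SESSION-KEY-PLACEHOLDER", 23);
    return checked ? hb_reply_checked(arena, rec_len, out, out_cap)
                   : hb_reply_unchecked(arena, rec_len, out, out_cap);
}

int main(void)
{
    uint8_t out[64];
    size_t a = demo(0, out, sizeof out), b = demo(1, out, sizeof out);
    printf("unchecked echoed %zu bytes, checked echoed %zu bytes\n", a, b);
    return 0;
}
```

The unchecked reply returns the 4 real payload bytes plus 36 bytes of whatever followed the record in memory; the checked version drops the malformed request and still answers a well-formed one.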

11 Comments • Newest first

BobR

[quote=Predetermined]Omg.... I changed all my passwords when I saw the notice on the Maple website... great.[/quote]

Not likely to be a problem. Most sites are already patched, and you can check the sites you use at: http://filippo.io/Heartbleed/

Reply April 11, 2014
GHOSTxOAE

[quote=sparkshooter]It's not ignorance, it's de-sensitivity. Usually after a big incident/situation, it's pretty common for people to slowly not care or not remember.[/quote]

Absolutely. What you're referring to is desensitization; and I agree with you 100%. What I was calling those two out on was just pure ignorance, that is, not having a clue about what they're talking about. So indeed it was ignorance. Oh, but if you thought by ignorance I meant stupidity.. not the case haha most people use the word incorrectly. Of course, not saying you're one of them. Could probably argue it's a bit of both.

Cheers!

Reply April 11, 2014
sparkshooter

[quote=GHOSTxOAE]This is in response to your ignorance and narrow-sightedness, and to others who share the same mentality:

The bug is not "terminated". Several multinational corporations have updated their systems to address this bug, but several more have yet to do so. As of earlier today, April 10th, the federal government agency, Canada Revenue Agency had not updated their system. There are, without a doubt, people who are still using financial service websites and other personal websites with outdated databases and systems.

It will be relevant even after the bug has been "eradicated". That is, relevant to those whose lives had been affected by this oversight, and to those who work diligently to ensure some other variation of the bug does not surface in the near future.

To those who would like to know more, and in addition to what the thread-starter posted, please visit this website: http://www.cbc.ca/news/technology/heartbleed-web-security-bug-what-you-need-to-know-1.26'88

[b]This may not affect you, but it may very well affect the uninformed passerby.[/b][/quote]
It's not ignorance, it's de-sensitivity. Usually after a big incident/situation, it's pretty common for people to slowly not care or not remember.

Reply April 11, 2014
Predetermined

Omg.... I changed all my passwords when I saw the notice on the Maple website... great.

Reply April 11, 2014
GHOSTxOAE

[quote=Mijael]old news, move on[/quote]

[quote=vBlaze]It's old news when the bug is terminated and never to come back[/quote]

This is in response to your ignorance and narrow-sightedness, and to others who share the same mentality:

The bug is not "terminated". Several multinational corporations have updated their systems to address this bug, but several more have yet to do so. As of earlier today, April 10th, the federal government agency, Canada Revenue Agency had not updated their system. There are, without a doubt, people who are still using financial service websites and other personal websites with outdated databases and systems.

It will be relevant even after the bug has been "eradicated". That is, relevant to those whose lives had been affected by this oversight, and to those who work diligently to ensure some other variation of the bug does not surface in the near future.

To those who would like to know more, and in addition to what the thread-starter posted, please visit this website: http://www.cbc.ca/news/technology/heartbleed-web-security-bug-what-you-need-to-know-1.26'88

[b]This may not affect you, but it may very well affect the uninformed passerby.[/b]

Reply April 11, 2014 - edited
BobR

Before anyone gets panicky about this thing, MAPLESTORY IS NOT AFFECTED BY THIS "HEARTBLEED BUG".

Nexon.net is SAFE.
Basilmarket.com is SAFE.

Your accounts are SAFE.
You're not going to get hacked because of this.

Reply April 10, 2014 - edited
vBlaze

[quote=Mijael]old news, move on[/quote]

It's old news when the bug is terminated and never to come back

Reply April 10, 2014 - edited
fun2killu

Also, if you use Google Chrome internet, you can get the extension: CHROMEBLEED.

Reply April 10, 2014 - edited
EnzoNick

@Mijael

I don't think move on is the appropriate term when it's still a threat, lol

Reply April 10, 2014 - edited
Mijael

old news, move on

Reply April 10, 2014 - edited