Jump to content


Welcome to PBBans


Sign In 

Create Account
Welcome to PBBans, like most online communities you must register to view or post in our community, but don't worry this is a simple free process that requires minimal information for you to signup. Be apart of PBBans by signing in or creating an account.
  • Start new topics and reply to others
  • Subscribe to topics and forums to get email updates
  • Get your own profile page and make new friends
  • Send personal messages to other members.
 
Guest Message by DevFuse

Photo

Heartbleed Bug


  • Please log in to reply
13 replies to this topic

#1 SuperTaz

SuperTaz

    Operations Staff

  • Operations Staff
  • 8,913 posts
  • Gender:Male
  • Location:Pennsylvania
  • Origin:x_SuperTaz_x
  • Steam:SuperTaz
  • XFire:Supertaz1
Reputation: 782
Has a brilliant future

Posted Apr 13, 2014 - 08:13 PM

http://www.foxnews.com/tech/2014/04/10/what-need-to-know-about-heartbleed-bug/?intcmp=features

 

 

Millions of passwords, credit card numbers and other personal information may be at risk as a result of a major breakdown in Internet security revealed earlier this week, called the “Heartbleed” bug.

 

The damage caused by the bug is currently unknown. But the security hole exists on a vast number of the Internet's Web servers and went undetected for more than two years. While it's conceivable that the flaw was never discovered by hackers, it's nearly impossible to tell.

 

 

Qualys SSL Labs has created an online tool that lets visitors type in the names of websites to assess their vulnerability to the bug.

 

I checked Origin on this tool above, and it failed. You may want to change your passwords on Origin immediately.

 

https://www.ssllabs.com/ssltest/analyze.html?d=origin.com

 

While Steam did very well on the report:

 

https://www.ssllabs.com/ssltest/analyze.html?d=www.steampowered.com


  • 0

#2 propbndr

propbndr

    Normal User

  • Streaming Admin
  • 159 posts
  • Gender:Male
  • Location:USA
  • XFire:propbndr
Reputation: 15
On a distinguished road

Posted Apr 13, 2014 - 10:56 PM

Thing is, unless origin has updated its software, changing your password will do no good. That is the warning that was in a couple of articles I read on the hack. It may get recorded again the next time you login.

Edited by propbndr, Apr 13, 2014 - 10:57 PM.

  • 1

#3 -Slayer-

-Slayer-

    Normal User

  • Streaming Admin
  • 299 posts
  • Gender:Male
  • Location:Australia www.games.on.net servers with my Ban Hammer Smashing Cheaters.
Reputation: 69
Will become famous

Posted Apr 14, 2014 - 01:32 AM

  :hmm:  ..................  :facepalm: Just another thing to drive us crazy.

 

p.s good one origin, give up trying to play on the internet and hand all your games over to steam, you fail over and over with trying to wear the bigboy pants.

 

Not much good changing any info unless the security hole is closed to stop it.

 

I'm gunna change all mine to this.. :P

Spoiler

 

 

  :popcorn_cat:


  • 0

#4 propbndr

propbndr

    Normal User

  • Streaming Admin
  • 159 posts
  • Gender:Male
  • Location:USA
  • XFire:propbndr
Reputation: 15
On a distinguished road

Posted Apr 14, 2014 - 06:54 AM

This all says something about writing checks and using postal stamps to pay your bills.
  • 0

#5 Benway

Benway

    BOFH

  • Site Staff
  • 8,090 posts
  • Gender:Male
  • Location:Earth 52°N27'09'' 13°E20'16''
Reputation: 606
Has a brilliant future

Posted Apr 14, 2014 - 09:17 AM

I checked Origin on this tool above, and it failed. You may want to change your passwords on Origin immediately.
 
https://www.ssllabs.com/ssltest/analyze.html?d=origin.com

 
well ... thats down to spam distribution network CDN akamai blocks SSL-connections


Check your online-banking - not the landing page ... the netbanking.* onlinebanking.* subdomain - nice one :rolleyes:

Spoiler


  • 0

#6 Maester

Maester

    Retired Staff

  • Members
  • Pip
  • 1,371 posts
Reputation: 30
On the road to fame

Posted Apr 14, 2014 - 12:28 PM

Even though Origin got an F it says its not vulnerable to the heartbleed attack?

 

https://www.ssllabs.com/ssltest/analyze.html?d=origin.com&s=23.79.219.9


  • 0

#7 Pisi-Deff

Pisi-Deff

    Jack of All Trades

  • Operations Staff
  • 3,785 posts
Reputation: 215
Has a spectacular aura

Posted Apr 14, 2014 - 02:04 PM

Even though Origin got an F it says its not vulnerable to the heartbleed attack?

 

https://www.ssllabs.com/ssltest/analyze.html?d=origin.com&s=23.79.219.9

As Benway said, the only part that gets an F is Akamai, the ads/spam-distribution network. It holds none of your relevant information, thus there's nothing to fear.


  • 0

#8 HSMagnet

HSMagnet

    Mr. Sunshine

  • Operations Staff
  • 9,389 posts
Reputation: 483
Name is well known

Posted Apr 14, 2014 - 02:17 PM

how do you get rid of akamai?


  • 0

#9 Pisi-Deff

Pisi-Deff

    Jack of All Trades

  • Operations Staff
  • 3,785 posts
Reputation: 215
Has a spectacular aura

Posted Apr 14, 2014 - 03:15 PM

Uh... Adblock?


  • 0

#10 Benway

Benway

    BOFH

  • Site Staff
  • 8,090 posts
  • Gender:Male
  • Location:Earth 52°N27'09'' 13°E20'16''
Reputation: 606
Has a brilliant future

Posted Apr 14, 2014 - 03:35 PM

not a Chance, i tried several 127.0.0.1 s in hosts years back, what broke all kind of stuff. I just left it with killing 24/7 Run&NOP update-monitoring-services (but AV, but that uses its own servers/proxies anyway) and set them to manual (and ReVo-uninstalled teh Mother of all LSOs, creepy adobe AiR); akamai was used for update services by many software companies mainly the big As; nowadays they hide behind some Random-Gibberish-deploy.akamaitechnologies.com domains anyway (what renders hosts close to useless) like google does with *.1e100.net. http://www.nirsoft.net/utils/cports.html
 
PS: Ahh LoL


  • 0

#11 SuperTaz

SuperTaz

    Operations Staff

  • Operations Staff
  • 8,913 posts
  • Gender:Male
  • Location:Pennsylvania
  • Origin:x_SuperTaz_x
  • Steam:SuperTaz
  • XFire:Supertaz1
Reputation: 782
Has a brilliant future

Posted Apr 14, 2014 - 06:01 PM

Both vBulletin and Invision Power Boards got good scores. :)


  • 0

#12 Crotan

Crotan

    Normal User

  • Streaming Admin
  • 826 posts
  • Gender:Male
Reputation: 152
Has a spectacular aura

Posted Apr 14, 2014 - 09:15 PM

As Benway said, the only part that gets an F is Akamai, the ads/spam-distribution network. It holds none of your relevant information, thus there's nothing to fear.

As far as I know they do far more than spam, a large chunk of enterprise level customer facing websites sit behind one CDN or another.

Doesn't this website use cloudflare? Same business model no?

Edited by Crotan, Apr 14, 2014 - 09:20 PM.

  • 0

#13 Singh400

Singh400

    Normal User

  • Streaming Admin
  • 1,063 posts
  • Gender:Male
  • Location:Earth
Reputation: 172
Has a spectacular aura

Posted Apr 14, 2014 - 09:52 PM

well ... thats down to spam distribution network CDN akamai blocks SSL-connections

Article is from 2009, I doubt their network setup is the same... :\
  • 0

#14 Benway

Benway

    BOFH

  • Site Staff
  • 8,090 posts
  • Gender:Male
  • Location:Earth 52°N27'09'' 13°E20'16''
Reputation: 606
Has a brilliant future

Posted Apr 15, 2014 - 03:16 AM

sure. As well rest assured the global MSG is still more than ever accurate,
 

"Not unlike Google, Akamai has an enormous power to monitor users’ Internet usage and to control or even alter the messages that users send and receive. But while Google is repeatedly - if not often enough - held to the fire by privacy and civil liberties advocates, Akamai is mostly ignored."


but i am sure they got the backbone of a nudibranch err .. they will gladly help to watch what might endanger your national security.

cloudflare same biz mod? No. If i want, i can circumvent cf with little if any hassle. i cannot circumvent akamai at all, no matter what i want and i never was or will be asked - You? Tina


  • 1




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users



DMCA.com