Author
|
Topic: Q: Is MOTL susceptible to the heartbleed vulnerability? Are our passwords at risk?
|
LandDestroyer Member
|
posted April 18, 2014 10:00 AM
With all the news about the heartbleed vulnerability, sites needing to patch, and then needing to change passwords after the patch should we be concerned? I've never even looked into how to change my password on MOTL...probably past due. Additional reading is out there. Some links for the lazy. http://news.uchicago.edu/article/2014/04/14/heartbleed-bug-what-you-should-know http://www.itworld.com/consumerization-it/414574/how-tell-which-passwords-you-need-change-because-heartbleed
|
Shadow88 Member
|
posted April 19, 2014 07:18 AM
I don't know specifically about MOTL's infrastructure, but you should generally consider anything a website stores as "at risk." This is one of the reasons why it's often suggested to use different passwords among different sites.
|
Child of Gaea Member
|
posted April 19, 2014 08:19 AM
If someone wants in bad enough, they will get in... if routine hacks of major retailers who have massive security teams occur, your MOTL pass has probably been in a DB somewhere over the years at some point. Just assume nothing you have is sacred, and keep different passes at all places you feel you need.. if you dont control the box your pass is on you do not control crap in my opinion!
|
LandDestroyer Member
|
posted April 19, 2014 06:10 PM
So what I'm gathering is 'yes and it won't be fixed'.
|
nderdog Moderator
|
posted April 20, 2014 09:43 AM
quote: Originally posted by LandDestroyer: So what I'm gathering is 'yes and it won't be fixed'.
No, the answer is that none of us have the answer to the question, and it's foolish to assume that any site anywhere is safe. __________________ There's no need to fear, UNDERDOG is here!All your Gruul Nodorogs are belong to me. Trade them to me, please! Report rules violations. Remember the Auctions Board!
|
LandDestroyer Member
|
posted April 20, 2014 01:02 PM
quote: Originally posted by nderdog: No, the answer is that none of us have the answer to the question, and it's foolish to assume that any site anywhere is safe.
There is a list of sites who have patched this particular vulnerability though. Just trying to understand out risk exposure. You and I both work in IT.
[Edited 1 times, lastly by LandDestroyer on April 20, 2014]
|
Leeroy Member
|
posted April 20, 2014 02:38 PM
quote: Originally posted by LandDestroyer: With all the news about the heartbleed vulnerability, sites needing to patch, and then needing to change passwords after the patch should we be concerned?
MOTL is running on an archaic, obsolete software that predates vulnerable versions of OpenSSL by ~10 years, so I wouldn't be worried about this particular vulnerability ;)
|
LandDestroyer Member
|
posted April 20, 2014 02:54 PM
quote: Originally posted by Leeroy: MOTL is running on an archaic, obsolete software that predates vulnerable versions of OpenSSL by ~10 years, so I wouldn't be worried about this particular vulnerability
Ha, well then...fair enough
|