Magic Online Trading League Bulletin Board
  General Discussion
  Q: Is MOTL susceptible to the heartbleed vulnerability? Are our passwords at risk?

Post New Topic  Post A Reply
profile | register | preferences | faq | rules | memberlist | search

UBBFriend: Email This Page to Someone!   next newest topic | next oldest topic
Author Topic:   Q: Is MOTL susceptible to the heartbleed vulnerability? Are our passwords at risk?
LandDestroyer
Member
 posted April 18, 2014 10:00 AM   Click Here to See the Profile for LandDestroyer Click Here to Email LandDestroyer Send a private message to LandDestroyer Click to send LandDestroyer an Instant Message Edit/Delete Message Reply With Quote View LandDestroyer's Have/Want ListView LandDestroyer's Have/Want List
With all the news about the heartbleed vulnerability, sites needing to patch, and then needing to change passwords after the patch should we be concerned?

I've never even looked into how to change my password on MOTL...probably past due.

Additional reading is out there. Some links for the lazy.

http://news.uchicago.edu/article/2014/04/14/heartbleed-bug-what-you-should-know

http://www.itworld.com/consumerization-it/414574/how-tell-which-passwords-you-need-change-because-heartbleed

 
Shadow88
Member
 posted April 19, 2014 07:18 AM   Click Here to See the Profile for Shadow88 Click Here to Email Shadow88 Send a private message to Shadow88 Click to send Shadow88 an Instant Message Edit/Delete Message Reply With Quote 
I don't know specifically about MOTL's infrastructure, but you should generally consider anything a website stores as "at risk." This is one of the reasons why it's often suggested to use different passwords among different sites.
 
Child of Gaea
Member
 posted April 19, 2014 08:19 AM   Click Here to See the Profile for Child of Gaea Click Here to Email Child of Gaea Send a private message to Child of Gaea Click to send Child of Gaea an Instant Message Edit/Delete Message Reply With Quote View Child of Gaea's Have/Want ListView Child of Gaea's Have/Want List
If someone wants in bad enough, they will get in... if routine hacks of major retailers who have massive security teams occur, your MOTL pass has probably been in a DB somewhere over the years at some point. Just assume nothing you have is sacred, and keep different passes at all places you feel you need.. if you dont control the box your pass is on you do not control crap in my opinion!
 
LandDestroyer
Member
 posted April 19, 2014 06:10 PM   Click Here to See the Profile for LandDestroyer Click Here to Email LandDestroyer Send a private message to LandDestroyer Click to send LandDestroyer an Instant Message Edit/Delete Message Reply With Quote View LandDestroyer's Have/Want ListView LandDestroyer's Have/Want List
So what I'm gathering is 'yes and it won't be fixed'.
 
nderdog
Moderator
 posted April 20, 2014 09:43 AM   Click Here to See the Profile for nderdog Click Here to Email nderdog Send a private message to nderdog Click to send nderdog an Instant MessageVisit nderdog's Homepage  Edit/Delete Message Reply With Quote View nderdog's Have/Want ListView nderdog's Have/Want List
quote:
Originally posted by LandDestroyer:
So what I'm gathering is 'yes and it won't be fixed'.

No, the answer is that none of us have the answer to the question, and it's foolish to assume that any site anywhere is safe.

__________________
There's no need to fear, UNDERDOG is here!

All your Gruul Nodorogs are belong to me. Trade them to me, please!

Report rules violations.

Remember the Auctions Board!

LandDestroyer
Member
 posted April 20, 2014 01:02 PM   Click Here to See the Profile for LandDestroyer Click Here to Email LandDestroyer Send a private message to LandDestroyer Click to send LandDestroyer an Instant Message Edit/Delete Message Reply With Quote View LandDestroyer's Have/Want ListView LandDestroyer's Have/Want List
quote:
Originally posted by nderdog:
No, the answer is that none of us have the answer to the question, and it's foolish to assume that any site anywhere is safe.

There is a list of sites who have patched this particular vulnerability though. Just trying to understand out risk exposure. You and I both work in IT.

[Edited 1 times, lastly by LandDestroyer on April 20, 2014]

 
Leeroy
Member
 posted April 20, 2014 02:38 PM   Click Here to See the Profile for Leeroy Click Here to Email Leeroy Send a private message to Leeroy Click to send Leeroy an Instant Message Edit/Delete Message Reply With Quote 
quote:
Originally posted by LandDestroyer:
With all the news about the heartbleed vulnerability, sites needing to patch, and then needing to change passwords after the patch should we be concerned?

MOTL is running on an archaic, obsolete software that predates vulnerable versions of OpenSSL by ~10 years, so I wouldn't be worried about this particular vulnerability ;)

 
LandDestroyer
Member
 posted April 20, 2014 02:54 PM   Click Here to See the Profile for LandDestroyer Click Here to Email LandDestroyer Send a private message to LandDestroyer Click to send LandDestroyer an Instant Message Edit/Delete Message Reply With Quote View LandDestroyer's Have/Want ListView LandDestroyer's Have/Want List
quote:
Originally posted by Leeroy:
MOTL is running on an archaic, obsolete software that predates vulnerable versions of OpenSSL by ~10 years, so I wouldn't be worried about this particular vulnerability

Ha, well then...fair enough

 

All times are PDT (US)

next newest topic | next oldest topic

Administrative Options: Close Topic | Archive/Move | Delete Topic
Post New Topic  Post A Reply
Hop to:

Contact Us | MOTL Home Page | Privacy Statement & TOS

© 1996-2013 Magic Online Trading League

Powered by Infopop © 2000
Ultimate Bulletin Board 5.47e