Heartbleed and You :: League of Legends (LoL) Forum on MOBAFire

Show more awards

Posts:

4286

Joined:

Rep:

Profile

Permalink | Quote | PM | | Report

I'm sure you guys have heard of the "Heartbleed" bug. If not, you can read about it here;

http://heartbleed.com/

There is a bug in a security package, utilized almost everywhere on the internet, that in the right conditions could allow an attacker to steal key/password information and potentially even gain access to the server. The bug has been in the wild for about 2 years and was only recently discovered, and subsequently revealed (by the "good guys") a couple days ago.

I just wanted to let you guys know what action we have taken, what the risks are, and what action YOU might want to take.

Action We Have Taken

Fixes for this bug were issued almost immediately by vendors. We updated all of our servers and software with the fixed versions right away, and have been monitoring for additional patches. All of our sites sit behind CloudFlare, who were involved in handling this issue before it even went public, so they were patched already. Our host is rock solid and has taken all necessary measures to protect themselves and their networks.

Potential Risks

In terms of our sites, things are pretty safe. We patched immediately, we are relatively "sheltered" behind CloudFlare, we have a very reliable and trusted host, and we have security standards of our own to minimize the risk of attack, including this.

The most sensitive information that could be gained from a compromise on one of our servers is your encrypted passwords. However they would be next to useless to an attacker, as they are salted and stretched using a powerful hashing algorithm.

We have no reason to believe any such attack occurred, and we are safe from any future attack related to this bug.

In terms of the greater internet, there is a risk that any information you have stored on any website could potentially have been compromised, including your passwords or financial information. This is especially so for any websites that have not yet, or do not, patch their software for this bug now that it is out in the open.

What Should I Do?

This attack affects the entire internet. Change your passwords on critical sites. Start with your email and financial accounts. Use unique passwords on each of these sites to prevent a compromise on a weaker site from allowing attackers into your accounts on stronger sites. Ask the owners of sites you use, especially small independent sites, if they have taken the necessary measures. There are some tools to help test sites, such as;

http://filippo.io/Heartbleed/

I think that covers it. If you have any other questions or concerns, fire away!

[quote=Matt]I'm sure you guys have heard of the "Heartbleed" bug. If not, you can read about it here; http://heartbleed.com/ There is a bug in a security package, utilized almost everywhere on the internet, that in the right conditions could allow an attacker to steal key/password information and potentially even gain access to the server. The bug has been in the wild for about 2 years and was only recently discovered, and subsequently revealed (by the "good guys") a couple days ago. I just wanted to let you guys know what action we have taken, what the risks are, and what action YOU might want to take. [h1]Action We Have Taken[/h1] Fixes for this bug were issued almost immediately by vendors. We updated all of our servers and software with the fixed versions right away, and have been monitoring for additional patches. All of our sites sit behind CloudFlare, who were involved in handling this issue before it even went public, so they were patched already. Our host is rock solid and has taken all necessary measures to protect themselves and their networks. [h1]Potential Risks[/h1] In terms of our sites, things are pretty safe. We patched immediately, we are relatively "sheltered" behind CloudFlare, we have a very reliable and trusted host, and we have security standards of our own to minimize the risk of attack, including this. The most sensitive information that could be gained from a compromise on one of our servers is your encrypted passwords. However they would be next to useless to an attacker, as they are salted and stretched using a powerful hashing algorithm. We have no reason to believe any such attack occurred, and we are safe from any future attack related to this bug. In terms of the greater internet, there is a risk that any information you have stored on any website could potentially have been compromised, including your passwords or financial information. This is especially so for any websites that have not yet, or do not, patch their software for this bug now that it is out in the open. [h1]What Should I Do?[/h1] This attack affects the entire internet. Change your passwords on critical sites. Start with your email and financial accounts. Use unique passwords on each of these sites to prevent a compromise on a weaker site from allowing attackers into your accounts on stronger sites. Ask the owners of sites you use, especially small independent sites, if they have taken the necessary measures. There are some tools to help test sites, such as; http://filippo.io/Heartbleed/ I think that covers it. If you have any other questions or concerns, fire away![/quote]