Click to open network menu
Join or Log In
Mobafire logo

Join the leading League of Legends community. Create and share Champion Guides and Builds.

Create an MFN Account






Or

MOBAFire's second Season 13 Mini Guide Contest is here! Create or update guides for the 30 featured champions and compete for up to $200 in prizes! 🏆
's Forum Avatar

Heartbleed and You

Creator: Matt April 9, 2014 6:31pm
3 posts - page 1 of 1
Matt
<Administrator>
Matt's Forum Avatar
Show more awards
Posts:
4286
Joined:
Dec 8th, 2009
Permalink | Quote | PM | +Rep April 9, 2014 6:31pm | Report
I'm sure you guys have heard of the "Heartbleed" bug. If not, you can read about it here;

http://heartbleed.com/

There is a bug in a security package, utilized almost everywhere on the internet, that in the right conditions could allow an attacker to steal key/password information and potentially even gain access to the server. The bug has been in the wild for about 2 years and was only recently discovered, and subsequently revealed (by the "good guys") a couple days ago.

I just wanted to let you guys know what action we have taken, what the risks are, and what action YOU might want to take.

Action We Have Taken


Fixes for this bug were issued almost immediately by vendors. We updated all of our servers and software with the fixed versions right away, and have been monitoring for additional patches. All of our sites sit behind CloudFlare, who were involved in handling this issue before it even went public, so they were patched already. Our host is rock solid and has taken all necessary measures to protect themselves and their networks.

Potential Risks


In terms of our sites, things are pretty safe. We patched immediately, we are relatively "sheltered" behind CloudFlare, we have a very reliable and trusted host, and we have security standards of our own to minimize the risk of attack, including this.

The most sensitive information that could be gained from a compromise on one of our servers is your encrypted passwords. However they would be next to useless to an attacker, as they are salted and stretched using a powerful hashing algorithm.

We have no reason to believe any such attack occurred, and we are safe from any future attack related to this bug.

In terms of the greater internet, there is a risk that any information you have stored on any website could potentially have been compromised, including your passwords or financial information. This is especially so for any websites that have not yet, or do not, patch their software for this bug now that it is out in the open.

What Should I Do?


This attack affects the entire internet. Change your passwords on critical sites. Start with your email and financial accounts. Use unique passwords on each of these sites to prevent a compromise on a weaker site from allowing attackers into your accounts on stronger sites. Ask the owners of sites you use, especially small independent sites, if they have taken the necessary measures. There are some tools to help test sites, such as;

http://filippo.io/Heartbleed/

I think that covers it. If you have any other questions or concerns, fire away!
Bioalchemist
<Editor>
Bioalchemist's Forum Avatar
Show more awards
Posts:
2633
Joined:
Feb 5th, 2013
Permalink | Quote | PM | +Rep April 9, 2014 7:06pm | Report
thanks for the heads up matt. i will be sure to look at changing some passwords here and there.

Thanks to jhoijhoi for my signature!

NateDog13
<Member>
NateDog13's Forum Avatar
Show more awards
Posts:
291
Joined:
Dec 13th, 2013
Permalink | Quote | PM | +Rep April 9, 2014 8:15pm | Report

thanks for the heads up matt. i will be sure to look at changing some passwords here and there.


^
-Check out my Lucian Guide (Click the Picture above, 4 Current Builds)!-

You need to log in before commenting.

League of Legends Champions:

Teamfight Tactics Guide