Heartbleed security risk?

[Erik318]

Woah, this seems to be a huge security issue:

http://www.cnet.com/news/how-to-prot...eartbleed-bug/

I guess I should worry about my Avid.com and iLok.com accounts? Any news on if these sites are affected?

[Marcel Risberg]

Keep calm and don't worry to much. Have faith. :)

Change your passwords when Avid and iLok (and others) claim they've updated their affected servers. Keep in mind; not all servers are affected by this security flaw.

Remember to update your own servers and affected devices.

Best regards,
Marcel

[musicman691]

Quote:

Originally Posted by Marcel Risberg

Keep calm and don't worry to much. Have faith. :)

Change your passwords when Avid and iLok (and others) claim they've updated their affected servers. Keep in mind; not all servers are affected by this security flaw.

Remember to update your own servers and affected devices.

Best regards,
Marcel

I read about this through AP and the article said to not really bother changing your passwords until whatever service you're using makes the changes to it's security system elsewise things are still compromised. Apparently it's only one subset of a certain security protocol that's compromised but one that happens to be widely used.

[Marcel Risberg]

Quote:

Originally Posted by musicman691

… not really bother changing your passwords until whatever service you're using makes the changes to it's security system ...

Yes, exactly.
It's a serious bug, affecting many sites including banks and online shops as well as forums like this one. I would recommend anyone to change their passwords after this bug has been solved, or rather the proper security patch has been applied everywhere.

The bug already has been fixed in the latest version of OpenSSL (openssl-1.0.1g = problem solved, openssl-1.0.2 will be solved with beta 2 - not yet released as of this writing).

Also, some older versions of OpenSSL like the one included with the OS X server for Mountain Lion (10.8) are not affected.

I'm hoping sites and companies will inform their users / customers when fixes have been applied so that we all can take precautionary action and change our passwords. I received an e-mail from Plugin Alliance today informing me like this: "The Heartbleed Bug - our website is ok. plugin-alliance.com not affected." Thats a good example. I hope more follow in their foot steps.

Best regards,
Marcel

[Bob Olhsson]

This kind of thing is the downside of "free" open-source software.

[musicman691]

CNN has a page up on this and a list of what services that if you're on need to be changed NOW and what services are okay. There are also a couple they don't know about one way or the other. I suggest taking a look at this page:
http://money.cnn.com/2014/04/10/tech...html?hpt=hp_t3

[Bill Denton]

Quote:

Originally Posted by Bob Olhsson

This kind of thing is the downside of "free" open-source software.

Got this from: http://www.zdnet.com/google-aws-rack...es-7000028281/

According to Microsoft, "most" Microsoft Services, including Microsoft Account and Azure, were not affected by the OpenSSL vulnerability and of course the Windows implementation of SSL/TLS were not impacted.

"Microsoft Azure Web Sites, Microsoft Azure Pack Web Sites and Microsoft Azure Web Roles do not use OpenSSL to terminate SSL connections. Windows comes with its own encryption component called Secure Channel (aka SChannel), which is not susceptible to the Heartbleed vulnerability," it said.

Microsoft's extensible web server IIS was not affected by the bug. However, that doesn't mean companies that run their websites on it won't be affected, largely due to the practice of employing a third-party load balancer — such as Amazon Web Services, which was affected by Heartbleed.

I will give the "open source" guys kudos for finding and putting out a fix for the issue quite quickly...but...

I think more than one IT manager may find his head on the chopping block for using "penny wise, pound foolish" open source stuff...and putting the future of the company in the hands of people who live in their mother's basement...

[mesaone]

I've just received an email from Plugin Alliance, saying the following:

Quote:

We have received a few emails from users who were concerned that our web site and / or web store might be affected by the "Heartbleed Bug". This bug is indeed a very bad one, we have a link with all the info for you here.

But please be assured that we have checked plugin-alliance.com and we are ok, so all your data is safe on our pages. We are using a proper version of OPEN SSL.

Best wishes, Dirk & the PA Team.

[Manu101]

this critical flaw in internet security has been around for 2 years... It just got discovered now.

http://www.truthdig.com/eartothegrou..._of_the_intern

[BondAudio]

iZotope: Safe.

IKMultimedia: Safe

iLok: Safe