Heartbleed Issue? [message #487202] |
Wed, 16 April 2014 14:23 |
|
-TLS-DJ-EYE-K
Messages: 742 Registered: November 2010 Location: Germany
Karma: 0
|
Colonel |
|
|
Question :
Has this Side been affected by the Heartbleed Problem and if so is there already an update available?
Thx
|
|
|
|
Re: Heartbleed Issue? [message #487204 is a reply to message #487202] |
Wed, 16 April 2014 16:12 |
Generalcamo
Messages: 522 Registered: October 2010
Karma: 0
|
Colonel |
|
|
Considering the NSA people specifically targetted the Renegade Forums with this Heartbleed problem, which they added in the guise of an innocent pull request, it completely affects you.
The recommended action is to delete your account, and never come back again.
For your personal safety, I recommend staying off anything Renegade X as well. If you REALLY want to be safe, cancel your plan with your ISP and/or disconnect your computer from the internet. For maximum safety, never turn on your computer again.
[Updated on: Wed, 16 April 2014 16:27] Report message to a moderator
|
|
|
|
Re: Heartbleed Issue? [message #487208 is a reply to message #487202] |
Wed, 16 April 2014 23:20 |
|
Crimson
Messages: 7430 Registered: February 2003 Location: Phoenix, AZ
Karma: 0
|
General (5 Stars) ADMINISTRATOR |
|
|
Agreed - there was no reason to pay for an SSL cert for a forum, so we were not affected.
I'm the bawss.
|
|
|
Re: Heartbleed Issue? [message #487209 is a reply to message #487208] |
Thu, 17 April 2014 01:21 |
|
danpaul88
Messages: 5795 Registered: June 2004 Location: England
Karma: 0
|
General (5 Stars) |
|
|
Crimson wrote on Thu, 17 April 2014 07:20 | no reason to pay for an SSL cert for a forum
|
Well, there is the fact that it means user passwords are sent in plain text over the internet whenever they login... anyone unwise enough to share passwords with other sites is then broadcasting their login details to anyone who happens to be listening, especially if they are connecting over an unencrypted WiFi connection.
[Updated on: Thu, 17 April 2014 05:58] Report message to a moderator
|
|
|
|
|
|
Re: Heartbleed Issue? [message #487217 is a reply to message #487209] |
Thu, 17 April 2014 11:50 |
|
Crimson
Messages: 7430 Registered: February 2003 Location: Phoenix, AZ
Karma: 0
|
General (5 Stars) ADMINISTRATOR |
|
|
danpaul88 wrote on Thu, 17 April 2014 01:21 |
Crimson wrote on Thu, 17 April 2014 07:20 | no reason to pay for an SSL cert for a forum
|
Well, there is the fact that it means user passwords are sent in plain text over the internet whenever they login... anyone unwise enough to share passwords with other sites is then broadcasting their login details to anyone who happens to be listening, especially if they are connecting over an unencrypted WiFi connection.
|
That has been the case with these forums since Day 1, even when Westwood hosted them. The fact that I've run these forums for 11 years and you're just now bringing it up doesn't put it very high on my priority list to do the work and pay for.
I'm the bawss.
|
|
|
|
|
Re: Heartbleed Issue? [message #487248 is a reply to message #487217] |
Thu, 17 April 2014 23:08 |
|
EvilWhiteDragon
Messages: 3751 Registered: October 2005 Location: The Netherlands
Karma: 0
|
General (3 Stars) |
|
|
Crimson wrote on Thu, 17 April 2014 20:50 |
danpaul88 wrote on Thu, 17 April 2014 01:21 |
Crimson wrote on Thu, 17 April 2014 07:20 | no reason to pay for an SSL cert for a forum
|
Well, there is the fact that it means user passwords are sent in plain text over the internet whenever they login... anyone unwise enough to share passwords with other sites is then broadcasting their login details to anyone who happens to be listening, especially if they are connecting over an unencrypted WiFi connection.
|
That has been the case with these forums since Day 1, even when Westwood hosted them. The fact that I've run these forums for 11 years and you're just now bringing it up doesn't put it very high on my priority list to do the work and pay for.
|
It's not like much changed in those 11 years... It's most certainly not that the use of SSL has risen nor the need for keeping your password secure. Also, I find it quite lame that you're not even responding to my statement that you can get a *FREE* SSL certificate (http://www.startssl.com/).
Then again, it is obvious that security isn't very high on your priority list since the forums still use a (RC) version of FUDForums from 2007.
BlackIntel admin/founder/PR dude (not a coder)
Please visit http://www.blackintel.org/
V, V for Vendetta | People should not be afraid of their governments.
Governments should be afraid of their people.
|
|
|
|
Re: Heartbleed Issue? [message #487253 is a reply to message #487202] |
Fri, 18 April 2014 03:33 |
|
Crimson
Messages: 7430 Registered: February 2003 Location: Phoenix, AZ
Karma: 0
|
General (5 Stars) ADMINISTRATOR |
|
|
It's not that security isn't high on my priority list... it's that these forums aren't high on my priority list. You shouldn't be using the same password here that you would use at your bank, credit card, etc anyway. You're not wrong in that I *should* make the logins or maybe the whole forums served over SSL... but you're just not going to convince me that it's worth the time or effort to do it. These are the 11 year old forums for a 12 year old game, and they are visited by very few people at this point. Even you quit doing work for Renegade by now...
I'm the bawss.
|
|
|
|
|
Re: Heartbleed Issue? [message #487264 is a reply to message #487258] |
Fri, 18 April 2014 14:29 |
|
Crimson
Messages: 7430 Registered: February 2003 Location: Phoenix, AZ
Karma: 0
|
General (5 Stars) ADMINISTRATOR |
|
|
-TLS-DJ-EYE-K wrote on Fri, 18 April 2014 09:23 | Sorry, i didnt want to cause a discussion about this, just was a bit worried, thx again Crimson for stating clear whats up here.
|
It's ok. EWD loves finding when I'm doing things wrong and harping on about it endlessly. You didn't know you were going to give him an opening to badger me again.
The thing is: everyone bails on Renegade at some point. I am one of the few willing to continue hosting whatever needs hosting, and maintaining necessary domain registrations until the day I die. I don't trust anyone else to make that same commitment that I made 11 years ago when I bid for these forums.
This is quite literally the first time anyone has wanted me to put SSL on a game forum... and to just be asking now when the forums are barely visited at all is just plain madness.
I'm the bawss.
|
|
|
|
|
Re: Heartbleed Issue? [message #487268 is a reply to message #487202] |
Sat, 19 April 2014 00:49 |
|
EvilWhiteDragon
Messages: 3751 Registered: October 2005 Location: The Netherlands
Karma: 0
|
General (3 Stars) |
|
|
Crimson, let it be clear that I wasn't necessarily pushing for SSL, I just couldn't agree with the statement that there's no reason for SSL. If you just stated that you didn't want to invest the time the first time round, that would've been OK. It makes total sense.
I know we've had our beef, but please, understand that I'm not always attacking you. I'm very critical and have difficulty in settling for inconclusive arguments and thus search for the complete explanation.
Ethenal is right in that the forums shouldn't go down because of something like this. On the other hand, it would be nice if someone would spend some time in upgrading it, now wouldn't it? I don't know who would, but if you don't express the wish then none will offer to do so
BlackIntel admin/founder/PR dude (not a coder)
Please visit http://www.blackintel.org/
V, V for Vendetta | People should not be afraid of their governments.
Governments should be afraid of their people.
|
|
|
|
|
|
Re: Heartbleed Issue? [message #487289 is a reply to message #487202] |
Mon, 21 April 2014 11:45 |
InternetThug
Messages: 1036 Registered: October 2005 Location: vagina
Karma: 0
|
General (1 Star) |
|
|
That seemed pretty unwarranted liquid ... why is everyone on renegade so brutal? EWD has some solid points and Crimson countered them to with EWD agreed with and then you fly off the deep end .. why am I not surprised?
|
|
|
|
|