I put this on the Rigs of Rods forums as well, and, just to cover all of my bases, I thought I'd post it here too: Within the last hour or so, a serious bug in the OpenSSL software, labeled "Heartbleed", became known. The gist of it is this: on any website using OpenSSL, all of your personal data that has been encrypted is completely available to external sources. I'm probably getting most of everything wrong, so you can read more here: http://heartbleed.com/ If you want to make sure you stay safe, then change your passwords so that they are not all the same.
Not really sure what to do about this, it seems pointless changing my password until it gets universally fixed.
- from stackoverflow. it's not a direct risk to individual users, but a motivated attacker could eventually find their way into a website that uses SSL and *then* steal user data. beamng.com doesn't have any ssl (good one, tdev) so it shouldn't be attackable.
how is not having a secure connection a good thing? (at the not having ssl being a good one on tdev, inb4 anyone says something about this bug, the openssl team has already fixed it, and is rolling out the update)
Alright, yes, the title is a bit overdramatic, but it's true: over two thirds of all websites on the internet that need the capabilities use it as a platform. Until all of those are universally updated/patched, all of your personal information on these websites is extremely vulnerable to attack.
it's just ironic. tdev used to work in security but this website doesn't have any sort of SSL. just in this one case was SSL a bad thing to have. the OpenSSL team can roll out the update as soon as they want, but it's up to individual system administrators to actually adopt the update and make sure their systems are up to date. and LOTS of people will be running outdated versions for weeks. people still run outdated and insecure versions of windows XP all over the world, despite microsoft rolling out security fixes. the bug is already out there and will affect systems for weeks, months, years to come. @ orangelazer: i wish everyone made it so easy for me to figure out if they should be on my ignore list
you mean openssl would have been a bad thing to have, there are obviously other ssl systems also, how would you know where tdev used to work?
Unfortunately heartbleed is a real threat, hence I needed to sign out from soundcloud as a result of it:

- - - Updated - - -

Well at least soundcloud took measures.