Jump to content

Heartbleed "Bug" - Non-SL Issue


You are about to reply to a thread that has been inactive for 3639 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

Jut in case you've not heard about this "bug" from any of your other sources of news, it is something you should pay attention to.

The Internet's financial transactions are based on the ability to send and receive data securely without fear of it being intercepted or stolen. For example, such things as your username, password, account details and the like are routinely transferred across the Internet using something called "SSL" (Secure Sockets Layer). All that techie-blech means that what you send to your bank (for example) and what they send to you won't be intercepted and misused.

But in the past few days it has been revealed that the most popular SSL system .. OpenSSL .. has a "bug". The bug allows someone with bad intent to connect to an Internet server that uses the buggy version of OpenSSL and take from it lots and lots of information that should be secure and private .. but suddenly isn't.

You can read the techie summary at the website http://heartbleed.com or you can use your favorite search engine and search for "heartbleed".

Link to comment
Share on other sites

Well Syn's link should ease your mind about SL itself, but one of the big boys that got hit by this was Yahoo, and a lot of SL'ers use Yahoo mail for their avatar accounts. I'm not sure if there's enough info lying around in your message folders to allow a hacker to work back to your SL account info, but just to be on the safe side if you have a Yahoo account you should change your password.

There are other big hosts that were hit (not Microsoft: apparently if you're using Hotmail you're in the clear) but for reasons obviious to even the most casual observer the Yahoo notice got my attention. I never ever use the same un/pw combo twice—as in on more than one website—but if you have done that you might consider changing up some passwords.

Link to comment
Share on other sites

uccello poultry commented on this through a feed post. She gave a pretty good link as to what websites were affected.

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

I don't have any financial information through SL (not being a premium member or anything) but I did change my Yahoo mail password as well as my facebook password...just to be safe.

 

Link to comment
Share on other sites


Czari Zenovka wrote:

Thank you, Darrius, for further explaining this issue - I'd been hearing about it on the news but wasn't sure if I needed to change my passwords; and thank you so much, Tex, for providing the website to check which sites need password changes.  That was extremely helpful.

I add my thanks too...to Czari's

I had not read about this before here (too busy with exams I guess) so thanks. Not read all the links yet, so not sure how it effects me yet. 

Link to comment
Share on other sites

I know the sl website is safe, but i don't know if it was always ok or they updated it .and i should change my password

Typical linden labs, they give no info and it would seem they are oblivious to the heartbleed bug, although i would think they know full well about it, but have done nothing to put anyones mind at ease.

You would think they would post an official notice on the website.

Lat time a changed my password here turned into a knightmare so i don't want to do it unless necessary

Link to comment
Share on other sites


nikita Jefferson wrote:

I know the sl website is safe, but i don't know if it was always ok or they updated it .and i should change my password

Typical linden labs, they give no info and it would seem they are oblivious to the heartbleed bug, although i would think they know full well about it, but have done nothing to put anyones mind at ease.

You would think they would post an official notice on the website.

Lat time a changed my password here turned into a knightmare so i don't want to do it unless necessary

They did give all the info in the blog. They didn't have the heartbeat feature enabled on those servers, so our passwords were not vulnerable. Soft Linden went into more detail here; LL took the conservative approach and stayed on older OpenSSL releases, so they weren't using the broken versions anyway.

As Soft mentions in that post, if you used the same password on SL and other sites, you could have something to worry about. If someone knows that an account on another site and your SL account belong to the same person, it would give them some good guesses to try here. That's the usual caution: don't use the same password on any sites that are valuable to you; especially big, don't use your email password on anything else, because email is so often the door to password recovery.

Link to comment
Share on other sites

News just in....

It has been discovered that burglars are now able to enter houses through a Windows exploit.  They are believed to be able to utilise an archaic Brick hack  to crash through the latest Windows technology and then access your household.  It's thought that up to 6 billion people worldwide are using Windows and are now completely vulnerable in their house.  They have been warned to replace their Windows with a suitable fireWall or grille.  This exploit has only recently been flagged up, but the exploit is believed to have been in use for at least the last 500 years and that industry insiders have conspired in a widespread cover up over its security limitations.

Adobe mudhuts are believed to be unaffected along with Apple consumers though the latter are yet to make the leap into the 21st century or any kind of mainstream popularity that would attract Black Hat Brick yielders.

Link to comment
Share on other sites

You are about to reply to a thread that has been inactive for 3639 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share

×
×
  • Create New...