Quiff Boy Herr Administrator
Joined: 25 Jan 2002 Posts: 15660 Location: Lurking
Post #1 Posted: Fri Apr 11, 2014 10:02 am Post subject: Heartbleed - we are not affected
There's been a lot in the press the last couple of days about a webserver security vulnerability known as Heartbleed.
You can read more about it here: http://heartbleed.com
A high number of high-profile websites have proven to be vulnerable, and users have been advised to change their passwords. There's a great list here:
http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
As you can see, sites and services like Amazon, Gmail etc have been affected.
The good news is that Heartland is not affected by this issue.
The way we handle user accounts & logins means this bug in older versions of SSL does not apply to us. The same applies to the SistersWiki.
Having said that, OpenSSL is installed on the Heartland webserver, but as of Wednesday afternoon has been patched to the latest secure version.
In short, you do not need to change your Heartland password.
We would, however, recommend you change your passwords on the sites mentioned in that article above
_________________
the cake is a lie
the cake is a lie
the cake is a lie
the cake is a lie

Being645 Above the Chemist
Joined: 09 Apr 2009 Posts: 12086 Location: ... where all the fevers grow ...
Post #2 Posted: Fri Apr 11, 2014 11:46 am
You're perfect ... ... ...

radiojamaica Overbomber
Joined: 11 Apr 2005 Posts: 4847 Location: Tower of Bass
Post #3 Posted: Fri Apr 11, 2014 4:34 pm
Good one, Herr Quiffster
_________________
in dub we trust

Johnny Rev 7.0 Banned
Joined: 09 Sep 2006 Posts: 1137 Location: A place I go where no one knows
Post #4 Posted: Fri Apr 11, 2014 5:48 pm
Thanks very much Barry, and I'll endorse Bine's and Koen's comments above, for the sterling work you do behind the scenes to keep HL safe.
As you know, I'm not much of a geeky boy, and the Heartbleed thingy is kinda over my head, but I do have one question:
Can I still buy a cheap kitchen via Announcements on HL?
TIA.
_________________
What a season
to be beautiful
without a reason

Pista Cureboi
Joined: 25 Jun 2006 Posts: 13442 Location: Lost In A Forest
Post #5 Posted: Sat Apr 12, 2014 12:14 pm
Johnny Rev 7.0 wrote: | Heartbleed thingy is kinda over my head, but I do have one question:
Can I still buy a cheap kitchen via Announcements on HL?
TIA.  |
seems it's possible http://www.myheartland.co.uk/viewtopic.php?t=24093
Thanks for the update Barry.
It seems the entire interweb's in confusion over the amount of risk there is.
Glad you got a patch on.
_________________
Cheers.
Steve
Just like the old days
TheCureCommunity

Johnny Rev 7.0 Banned
Joined: 09 Sep 2006 Posts: 1137 Location: A place I go where no one knows
Post #6 Posted: Sat Apr 12, 2014 4:14 pm
Pista wrote: | Glad you got a patch on. |
Blimey! I never knew Quiffy had stopped smoking.
Or even started, for that matter.

markfiend goriller of form 3b
Joined: 11 Nov 2003 Posts: 20085 Location: st custards
Post #7 Posted: Mon Apr 14, 2014 8:59 am
Obviously I can't say too much, but this...
Quote: | Heartland is not affected by this issue |
I wish I could say the same about work. All patched now of course, but a lot of work was involved.
XKCD has an explanation of how the Heartbleed bug works: http://xkcd.com/1354/
_________________
it is my firm belief that it is a mistake to hold firm beliefs

Quiff Boy Herr Administrator
Joined: 25 Jan 2002 Posts: 15660 Location: Lurking
Post #8 Posted: Mon Apr 14, 2014 11:16 am
Just a heads-up to let you know that I'm currently looking at a way of making Heartland run entirely over secure https
ie: https://www.myheartland.co.uk/
I've purchased the SSL certificate and begun setting it up on the server, but there's a bit more server setup and a bit of forum config required to make it all work seamlessly.
I'll be dabbling with this during the coming week, so apologies if you see any weirdness re: security messages from your browser - don't worry, it will just be me trying to get this working
I'll post more details when I have something concrete to report back

markfiend goriller of form 3b
Joined: 11 Nov 2003 Posts: 20085 Location: st custards
Post #9 Posted: Mon Apr 14, 2014 11:28 am
Fun fun fun!

Quiff Boy Herr Administrator
Joined: 25 Jan 2002 Posts: 15660 Location: Lurking
Post #10 Posted: Mon Apr 14, 2014 12:15 pm
Seems to be working on Safari and Chrome, but Firefox is complaining about it being an invalid security certificate
Am working on it...
FWIW, we are definitely Heartbleed-proof
https://www.ssllabs.com/ssltest/analyze.html?d=www.myheartland.co.uk

iesus Overbomber
Joined: 15 Mar 2006 Posts: 3047 Location: x-EU
Post #11 Posted: Mon Apr 14, 2014 12:34 pm
Exception added on Firefox
Always trust MH
_________________
Goths play Golf too ...
"Someday! Someday, everything you need, is just gonna fall out of the sky..." -A.E. Reading 1991

Quiff Boy Herr Administrator
Joined: 25 Jan 2002 Posts: 15660 Location: Lurking
Post #12 Posted: Mon Apr 14, 2014 12:52 pm
Right that should have sorted it for Firefox now too

Pat Slight Overbomber
Joined: 19 Jun 2005 Posts: 1298 Location: Scotland
Post #13 Posted: Mon Apr 14, 2014 4:30 pm
Still getting problems on Firefox, just had to add it as an exception
_________________
flickr

Bartek Underneath the Rock
Joined: 17 Sep 2005 Posts: 5775

lazarus corporation Lord Protector
Joined: 09 May 2004 Posts: 3407 Location: out there on a darkened road
Post #15 Posted: Mon Apr 14, 2014 9:26 pm
Just been chatting with QB over email and he will be applying some technical wizardry (known as a "Post-GoT CRT Bundle File"). Should have it fixed soon.
_________________
NEW: Artwork, and lots of it

lazarus corporation Lord Protector
Joined: 09 May 2004 Posts: 3407 Location: out there on a darkened road
Post #16 Posted: Mon Apr 14, 2014 9:43 pm
lazarus corporation wrote: | Just been chatting with QB over email and he will be applying some technical wizardry (known as a "Post-GoT CRT Bundle File"). Should have it fixed soon. |
Should be fixed now.

Nikolas Vitus Lagartija Overbomber
Joined: 04 Aug 2011 Posts: 2445 Location: Scotland
Post #17 Posted: Mon Apr 14, 2014 10:14 pm
Well done, chaps. I have no idea what any of the above means but I think it means that we can all sleep peacefully and carry on posting!

Quiff Boy Herr Administrator
Joined: 25 Jan 2002 Posts: 15660 Location: Lurking
Post #18 Posted: Mon Apr 14, 2014 10:18 pm
Thanks Laz

Bartek Underneath the Rock
Joined: 17 Sep 2005 Posts: 5775