Heartland Forum Index
       FAQ      Rules      Search      Paypal Donation      Photo Gallery      Sisters Wiki   
   Register · Profile · Log in to check your private messages · View New Posts · Usergroups · Memberlist · Statistics  
   Follow us on   Twitter    Facebook · Log in  
Heartbleed - we are not affected

 
Post new topic   Reply to topic    Heartland Forum Index -> Announcements
View previous topic :: View next topic  
Author Message
Quiff Boy
Herr Administrator


Joined: 25 Jan 2002
Posts: 15648
Location: Lurking

PostPost #1  Posted: Fri Apr 11, 2014 10:02 am    Post subject: Heartbleed - we are not affected Reply with quote Back to top

There's been a lot in the press the last couple of days about a webserver security vulnerability known as Heartbleed.

You can read more about it here: http://heartbleed.com

A high number of high-profile websites have proven to be vulnerable, and users have been advised to change their passwords. There's a great list here:

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

As you can see, sites and services like Amazon, Gmail etc have been affected.

The good news is that Heartland is not affected by this issue.

The way we handle user accounts & logins means this bug in older versions of SSL does not apply to us. The same applies to the SistersWiki.

Having said that, OpenSSL is installed on the Heartland webserver, but as of wednesday afternoon has been patched to the latest secure version.

In short, you do not need to change your Heartland password. Smile

We would, however, recommend you change your passwords on the sites mentioned in that article above Wierded Out
_________________
the cake is a lie
the cake is a lie
the cake is a lie
the cake is a lie
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Being645
Above the Chemist


Joined: 09 Apr 2009
Posts: 11496
Location: ... where all the fevers grow ...

PostPost #2  Posted: Fri Apr 11, 2014 11:46 am    Post subject: Reply with quote Back to top

You're perfect ... We are not worthy! We are not worthy! We are not worthy! We are not worthy! We are not worthy! ... Mr. Green ...
_________________
@The Sisters of Mercy
NO new album, please! f**k 'em all !!! ... oder vielleicht doch ein bisschen Erbarmen?
Back to top
View user's profile Send private message
radiojamaica
Overbomber


Joined: 11 Apr 2005
Posts: 4830
Location: Tower of Bass

PostPost #3  Posted: Fri Apr 11, 2014 4:34 pm    Post subject: Reply with quote Back to top

Good one, Herr Quiffster We are not worthy!
_________________
in dub we trust
Back to top
View user's profile Send private message
Johnny Rev 7.0
Banned


Joined: 09 Sep 2006
Posts: 1137
Location: A place I go where no one knows

PostPost #4  Posted: Fri Apr 11, 2014 5:48 pm    Post subject: Reply with quote Back to top

Thanks very much Barry, and I'll endorse Bine's and Koen's comments above, for the sterling work you do behind the scenes to keep HL safe. We are not worthy!

As you know, I'm not much of a geeky boy, and the Heartbleed thingy is kinda over my head, but I do have one question:

Can I still buy a cheap kitchen via Announcements on HL?

TIA. Kiss
_________________
What a season
to be beautiful
without a reason
Back to top
View user's profile Send private message
Pista
Cureboi


Joined: 25 Jun 2006
Posts: 12860
Location: Lost In A Forest

PostPost #5  Posted: Sat Apr 12, 2014 12:14 pm    Post subject: Reply with quote Back to top

Johnny Rev 7.0 wrote:
Heartbleed thingy is kinda over my head, but I do have one question:

Can I still buy a cheap kitchen via Announcements on HL?

TIA. Kiss


seems it's possible http://www.myheartland.co.uk/viewtopic.php?t=24093

Thanks for the update Barry.
It seems the entire interweb's in confusion over the amount of risk there is.
Glad you got a patch on.
We are not worthy! We are not worthy!
_________________
Cheers.
Steve
Just like the old days
TheCureCommunity
Back to top
View user's profile Send private message
Johnny Rev 7.0
Banned


Joined: 09 Sep 2006
Posts: 1137
Location: A place I go where no one knows

PostPost #6  Posted: Sat Apr 12, 2014 4:14 pm    Post subject: Reply with quote Back to top

Pista wrote:
Glad you got a patch on.

Blimey! I never knew Quiffy had stopped smoking.

Or even started, for that matter. Wink
_________________
What a season
to be beautiful
without a reason
Back to top
View user's profile Send private message
markfiend
goriller of form 3b


Joined: 11 Nov 2003
Posts: 19912
Location: st custards

PostPost #7  Posted: Mon Apr 14, 2014 8:59 am    Post subject: Reply with quote Back to top

Obviously I can't say too much, but this...
Quote:
Heartland is not affected by this issue

I wish I could say the same about work. All patched now of course, but a lot of work was involved.

XKCD has an explanation of how the heartbleed bug works: http://xkcd.com/1354/
_________________
it is my firm belief that it is a mistake to hold firm beliefs
Back to top
View user's profile Send private message Visit poster's website
Quiff Boy
Herr Administrator


Joined: 25 Jan 2002
Posts: 15648
Location: Lurking

PostPost #8  Posted: Mon Apr 14, 2014 11:16 am    Post subject: Reply with quote Back to top

Just a heads-up to let you know that I'm currently looking at a way of making Heartland run entirely over secure https

ie: https://www.myheartland.co.uk/

I've purchased the SSL certificate and begun setting it up on the server, but there's a bit more server setup and a bit of forum config required to make it all work seamlessly.

I'll be dabbling with this during the coming week, so apologies if you see any weirdness re: security messages from your browser - don't worry, it will just be me trying to get this working Wierded Out

I'll post more details when I have something concrete to report back Cool
_________________
the cake is a lie
the cake is a lie
the cake is a lie
the cake is a lie
Back to top
View user's profile Send private message Send e-mail Visit poster's website
markfiend
goriller of form 3b


Joined: 11 Nov 2003
Posts: 19912
Location: st custards

PostPost #9  Posted: Mon Apr 14, 2014 11:28 am    Post subject: Reply with quote Back to top

Fun fun fun!
_________________
it is my firm belief that it is a mistake to hold firm beliefs
Back to top
View user's profile Send private message Visit poster's website
Quiff Boy
Herr Administrator


Joined: 25 Jan 2002
Posts: 15648
Location: Lurking

PostPost #10  Posted: Mon Apr 14, 2014 12:15 pm    Post subject: Reply with quote Back to top

Seems to be working on Safari and Chrome, but Firefox is complaining about it being an invalid security certificate Sad

Am working on it...

FWIW, we are definitely Heartbleed-proof Wink

https://www.ssllabs.com/ssltest/analyze.html?d=www.myheartland.co.uk
_________________
the cake is a lie
the cake is a lie
the cake is a lie
the cake is a lie
Back to top
View user's profile Send private message Send e-mail Visit poster's website
iesus
Overbomber


Joined: 15 Mar 2006
Posts: 2821
Location: x-EU

PostPost #11  Posted: Mon Apr 14, 2014 12:34 pm    Post subject: Reply with quote Back to top

Exception added on Firefox Mr. Green
Always trust MH Very Happy We are not worthy! We are not worthy!
_________________
Goths play Golf too ...
"Well, we've managed to f**k that up. Sssoo. This is on you!" - A.E.
Back to top
View user's profile Send private message
Quiff Boy
Herr Administrator


Joined: 25 Jan 2002
Posts: 15648
Location: Lurking

PostPost #12  Posted: Mon Apr 14, 2014 12:52 pm    Post subject: Reply with quote Back to top

Right that should have sorted it for Firefox now too Cool
_________________
the cake is a lie
the cake is a lie
the cake is a lie
the cake is a lie
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Pat
Slight Overbomber


Joined: 19 Jun 2005
Posts: 1288
Location: Scotland

PostPost #13  Posted: Mon Apr 14, 2014 4:30 pm    Post subject: Reply with quote Back to top

Still getting problems on firefox, just had to add it as an exception
_________________
flickr
Back to top
View user's profile Send private message Visit poster's website
Bartek
Underneath the Rock


Joined: 17 Sep 2005
Posts: 5664

PostPost #14  Posted: Mon Apr 14, 2014 9:00 pm    Post subject: Reply with quote Back to top

FF constantly informs me that HL is not trustworthy. i'm adding exceptions, but i have cleaning history with closing browser.
_________________
Sie sehen mein Herz am rechten Fleck/Doch sehe ich dann nach unten weg/Da schlägt es links
Back to top
View user's profile Send private message
lazarus corporation
Lord Protector


Joined: 09 May 2004
Posts: 3392
Location: out there on a darkened road

PostPost #15  Posted: Mon Apr 14, 2014 9:26 pm    Post subject: Reply with quote Back to top

Just been chatting with QB over email and he will be applying some technical wizardry (known as a "Post-GoT CRT Bundle File"). Should have it fixed soon.
_________________
NEW: Artwork, and lots of it
Back to top
View user's profile Send private message Visit poster's website
lazarus corporation
Lord Protector


Joined: 09 May 2004
Posts: 3392
Location: out there on a darkened road

PostPost #16  Posted: Mon Apr 14, 2014 9:43 pm    Post subject: Reply with quote Back to top

lazarus corporation wrote:
Just been chatting with QB over email and he will be applying some technical wizardry (known as a "Post-GoT CRT Bundle File"). Should have it fixed soon.


Should be fixed now.
_________________
NEW: Artwork, and lots of it
Back to top
View user's profile Send private message Visit poster's website
Nikolas Vitus Lagartija
Overbomber


Joined: 04 Aug 2011
Posts: 2436
Location: Scotland

PostPost #17  Posted: Mon Apr 14, 2014 10:14 pm    Post subject: Reply with quote Back to top

Well done, chaps We are not worthy! We are not worthy! I have no idea what any of the above means but I think it means that we can all sleep peacefully and carry on posting !
Back to top
View user's profile Send private message Visit poster's website
Quiff Boy
Herr Administrator


Joined: 25 Jan 2002
Posts: 15648
Location: Lurking

PostPost #18  Posted: Mon Apr 14, 2014 10:18 pm    Post subject: Reply with quote Back to top

Very Happy

Thanks Laz Wink
_________________
the cake is a lie
the cake is a lie
the cake is a lie
the cake is a lie
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Bartek
Underneath the Rock


Joined: 17 Sep 2005
Posts: 5664

PostPost #19  Posted: Tue Apr 15, 2014 10:50 am    Post subject: Reply with quote Back to top

it is fixed! We are not worthy! Kiss
_________________
Sie sehen mein Herz am rechten Fleck/Doch sehe ich dann nach unten weg/Da schlägt es links
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Heartland Forum Index -> Announcements All times are GMT + 1 Hour
 
Page 1 of 1

 


Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2002 phpBB Group  ·  Heartland supports phpBBHacks.com
Theme and Graphics by Quiff Boy, Tim Blackman and those nice people at ibplanet.com