Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping

[Willsy]

http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/

Not exactly sure what this means, but I was a bit concerned that this could affect SSMB, so I thought I'd bring it to attention. Sounds serious though.

[Frogging101]

I don't know very much about security, but this does sound concerning. From what I understand, the private key used in SSL certificates on any server running the affected software might have been compromised, and whoever has the key will be able to decrypt communications that use that certificate. System administrators will need to generate new certificates and revoke all existing ones. I'm not sure though.

But I don't think this will affect SSMB, because as far as I know, SSMB/TSS doesn't use HTTPS (Which is where SSL is implemented).

Thanks for making a thread about this, though. I updated my server and am no longer vulnerable, which is something that can never happen too soon when it comes to the disclosure of vulnerabilities.

Edited April 8, 2014 by Frogging101

[Da Blu Hedgie]

I don't know very much about security, but this does sound concerning. From what I understand, the private key used in SSL certificates on any server running the affected software might have been compromised, and whoever has the key will be able to decrypt communications that use that certificate. System administrators will need to generate new certificates and revoke all existing ones. I'm not sure though.

But I don't think this will affect SSMB, because as far as I know, SSMB/TSS doesn't use HTTPS (Which is where SSL is implemented).

Thanks for making a thread about this, though. I updated my server and am no longer vulnerable, which is something that can never happen too soon when it comes to the disclosure of vulnerabilities.

Ok so pretty much any website using https is vulnerable to people getting into my account then, like say twitter, facebook, youtube?

[Solkia]

1/3 of the web is, what, millions of sites? Billions?

 

Also, the article says the bug is already fixed. Any info that hasn't already been taken is safe for now.

 

Provided the site manager updates their shit on a regular basis.

[Carbo]

http://filippo.io/Heartbleed/

While SSMB isn't affected by this it is overall bigger fish to fry for all involved, so if you're worried that a site you store information on may be compromised and suffering from Heartbleed it's a good idea to go here and run a test.

If a service you use is affected the best course of action is to not log in to it until you know it's been patched and gotten new certs because otherwise you run the risk of your information spilling out. Once it's safe to go back it'd be a good idea to change your password as well just in case.

[Willsy]

Oh, okay then. Thanks for the advice.

[bmn]

Thanks for this. I'm going to post an announcement to get the word out a bit better.