Pages: [1] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 3 post(s) |
Dinsdale Pirannha
Pirannha Corp
2616
|
Posted - 2014.04.09 12:49:00 -
[1] - Quote
I realize this has been floating around for some time, and the media is just picking it up now, but is the Eve site secure? Most people viewed Orwell's writings as a warning. The harper regime and the goons treat them as a guidebook. |
Scipio Artelius
The Vendunari End of Life
1084
|
Posted - 2014.04.09 12:52:00 -
[2] - Quote
You better change your password just to be sure.
The Cartels could take over your account and biomass you (told you theyd put a hit on you). . -á<- Argue this, not this ->-á( -í-¦ -£-û -í-¦) |
Tesco Ergo Sum
Science and Trade Institute Caldari State
75
|
Posted - 2014.04.09 13:00:00 -
[3] - Quote
Confirming the Internet is dying...
EVE is mostly M$ based so not an issue. |
Doc Fury
Furious Enterprises
4326
|
Posted - 2014.04.09 14:43:00 -
[4] - Quote
Well, CCP did spring for the whole $20 to get a rapidSSL cert, so I for one feel SO much better...
The accumulated filth of all their sex and murder will foam up about their waists and all the ho's and politicians will look up and shout 'Save us!' and I'll look down, and whisper 'Hodor'. |
Jessica Danikov
Clan Shadow Wolf Fatal Ascension
321
|
Posted - 2014.04.09 14:57:00 -
[5] - Quote
If CCP are vulnerable, they need to patch their implementation before everyone runs around changing their passwords
Official input is needed to either indicate they're not vulnerable or that when the vulnerability has been patched and people should be resetting passwords. |
KuroVolt
The Legion of Spoon Curatores Veritatis Alliance
1639
|
Posted - 2014.04.09 14:59:00 -
[6] - Quote
I DONT KNOW WHAT WE ARE TALKING ABOUT BUT I FOR ONE AM FREAKING OUT MAN! BoBwins Law: As a discussion/war between two large nullsec entities grows longer, the probability of one comparing the other to BoB aproaches near certainty. |
Ramona McCandless
The McCandless Clan Council of Peace and Prosperity
3267
|
Posted - 2014.04.09 15:00:00 -
[7] - Quote
Heartbleed - why do you miss when my baby kisses me heartbleed - why does a love kiss stay in my memory
Piddle dee pat - I know that new love thrills me I know that true love will be
Heartbleed - why do you miss when my baby kisses me
Heartbleed - why do you skip when my baby's lips meet mine heartbleed - why do you flip then give me a skip beat sign
Piddle dee pat - and sing to me love stories and bring to me loveGÇÖs glories
Heartbleed - why do you miss when my baby kisses me
Hmm clearly it IS vunerable! *** Vote MTU For CSM *** ***Free The Jita 1*** "They feel the need to cover their ears and eyes in horror at your very presence." - Pontianak Sythaeryn "Despite others being missing, at least Ramona is back." - Scipio Artelius |
Vipre Morte
Team JK
100
|
Posted - 2014.04.09 16:26:00 -
[8] - Quote
I wonder why nobody just tested it? There's an open exploit out there. I just tested against forums.eveonline.com and gate.eveonline.com and it showed that neither were susceptible to the attack. |
Crasniya
Strange Energy Gentlemen's Agreement
493
|
Posted - 2014.04.09 16:28:00 -
[9] - Quote
Vipre Morte wrote:I wonder why nobody just tested it? There's an open exploit out there. I just tested against forums.eveonline.com and gate.eveonline.com and it showed that neither were susceptible to the attack.
Because this might actually be considered a bannable offense, even if done for whitehat reasons.
But yeah, CCP runs Microsoft, and the Heartbleed bug is a Linux exploit. |
Lucretia DeWinter
Dirt Nap Squad Dirt Nap Squad.
138
|
Posted - 2014.04.09 16:34:00 -
[10] - Quote
Crasniya wrote:Vipre Morte wrote:I wonder why nobody just tested it? There's an open exploit out there. I just tested against forums.eveonline.com and gate.eveonline.com and it showed that neither were susceptible to the attack. Because this might actually be considered a bannable offense, even if done for whitehat reasons. But yeah, CCP runs Microsoft, and the Heartbleed bug is a Linux exploit.
The po-po also consider this a crime. Be careful with this stuff. |
|
Herzog Wolfhammer
Sigma Special Tactics Group
4706
|
Posted - 2014.04.09 16:38:00 -
[11] - Quote
Vipre Morte wrote:I wonder why nobody just tested it? There's an open exploit out there. I just tested against forums.eveonline.com and gate.eveonline.com and it showed that neither were susceptible to the attack.
I can confirm this.
And no the test itself is not a hack or attempted hacking if anybody is wondering. It's just a simple client "hello" request to a server that OpenSSL was responding to with too large a buffer and that buffer, derived from a pointer to memory, could be filled with information - any information - that could randomly contain login credentials.
I spent much of yesterday patching servers because of this.
This week, give your system administrators a hug. They'll need it. Bring back DEEEEP Space! |
Crasniya
Strange Energy Gentlemen's Agreement
493
|
Posted - 2014.04.09 16:42:00 -
[12] - Quote
Herzog Wolfhammer wrote:This week, give your system administrators a hug. They'll need it.
Your system administrators actually likely need a hug every week. |
handige harrie
Hedion University Amarr Empire
231
|
Posted - 2014.04.09 16:54:00 -
[13] - Quote
http://filippo.io/Heartbleed/#eveonline.com Baddest poster ever |
Alyth Nerun
Foundation for CODE and THE NEW ORDER CODE.
167
|
Posted - 2014.04.09 17:10:00 -
[14] - Quote
They don't actually use real enterprise grade operating systems like Linux. |
Dinsdale Pirannha
Pirannha Corp
2619
|
Posted - 2014.04.09 18:00:00 -
[15] - Quote
Herzog Wolfhammer wrote:Vipre Morte wrote:I wonder why nobody just tested it? There's an open exploit out there. I just tested against forums.eveonline.com and gate.eveonline.com and it showed that neither were susceptible to the attack. I can confirm this. And no the test itself is not a hack or attempted hacking if anybody is wondering. It's just a simple client "hello" request to a server that OpenSSL was responding to with too large a buffer and that buffer, derived from a pointer to memory, could be filled with information - any information - that could randomly contain login credentials. I spent much of yesterday patching servers because of this. This week, give your system administrators a hug. They'll need it.
So are saying the the Eve site is OK? I was hoping CCP would give some kind of response. Most people viewed Orwell's writings as a warning. The harper regime and the goons treat them as a guidebook. |
Serene Repose
1231
|
Posted - 2014.04.09 18:19:00 -
[16] - Quote
No. (Subject line question.) Yes. (OP body question.)
(Still using anti-virus software? CHICKEN!) I have sworn upon the altar of God eternal hostility toward every form of tyranny over the mind of man.-á |
Steve Ronuken
Fuzzwork Enterprises Vote Steve Ronuken for CSM
3015
|
Posted - 2014.04.09 18:20:00 -
[17] - Quote
Dinsdale Pirannha wrote:Herzog Wolfhammer wrote:Vipre Morte wrote:I wonder why nobody just tested it? There's an open exploit out there. I just tested against forums.eveonline.com and gate.eveonline.com and it showed that neither were susceptible to the attack. I can confirm this. And no the test itself is not a hack or attempted hacking if anybody is wondering. It's just a simple client "hello" request to a server that OpenSSL was responding to with too large a buffer and that buffer, derived from a pointer to memory, could be filled with information - any information - that could randomly contain login credentials. I spent much of yesterday patching servers because of this. This week, give your system administrators a hug. They'll need it. So are saying the the Eve site is OK? I was hoping CCP would give some kind of response.
We're saying that CCP don't use (in general) the software that's vulnerable. ( store.eve.com is. But it's run by different people. And the auth wouldn't expose your eve password) Steve Ronuken for CSM 9! https://forums.eveonline.com/default.aspx?g=posts&m=4236322 http://www.fuzzwork.co.uk/ Twitter: @fuzzysteve on Twitter |
Dinsdale Pirannha
Pirannha Corp
2619
|
Posted - 2014.04.09 18:24:00 -
[18] - Quote
Steve Ronuken wrote:Dinsdale Pirannha wrote:Herzog Wolfhammer wrote:Vipre Morte wrote:I wonder why nobody just tested it? There's an open exploit out there. I just tested against forums.eveonline.com and gate.eveonline.com and it showed that neither were susceptible to the attack. I can confirm this. And no the test itself is not a hack or attempted hacking if anybody is wondering. It's just a simple client "hello" request to a server that OpenSSL was responding to with too large a buffer and that buffer, derived from a pointer to memory, could be filled with information - any information - that could randomly contain login credentials. I spent much of yesterday patching servers because of this. This week, give your system administrators a hug. They'll need it. So are saying the the Eve site is OK? I was hoping CCP would give some kind of response. We're saying that CCP don't use (in general) the software that's vulnerable. ( store.eve.com is. But it's run by different people. And the auth wouldn't expose your eve password)
OK, thanks. And yes, you were one of the people I voted for. Please don't turn out to be one of the null sec plants who hates high sec. Most people viewed Orwell's writings as a warning. The harper regime and the goons treat them as a guidebook. |
Desivo Delta Visseroff
Cataclysmic Paradox
203
|
Posted - 2014.04.09 18:59:00 -
[19] - Quote
KuroVolt wrote:I DONT KNOW WHAT WE ARE TALKING ABOUT BUT I FOR ONE AM FREAKING OUT MAN!
When in confusion or in doubt, run in circles, scream and shout
~ Desivo Delta Visseroff |
Lugia3
Emerald Inc. Easily Excited
933
|
Posted - 2014.04.09 19:54:00 -
[20] - Quote
Desivo Delta Visseroff wrote:KuroVolt wrote:I DONT KNOW WHAT WE ARE TALKING ABOUT BUT I FOR ONE AM FREAKING OUT MAN! When in confusion or in doubt, run in circles, scream and shout ~ Desivo Delta Visseroff Do you have doubt?
Use C4. "CCP Dolan is full of ****." - CCP Bettik |
|
Tesco Ergo Sum
Science and Trade Institute Caldari State
76
|
Posted - 2014.04.09 20:20:00 -
[21] - Quote
Answer provided:
https://forums.eveonline.com/default.aspx?g=posts&t=335584
ISD please lock. |
Padrone
Rennfeuer Curatores Veritatis Alliance
0
|
Posted - 2014.04.09 20:23:00 -
[22] - Quote
The IIS is faulty configured ! https://www.ssllabs.com/ssltest/analyze.html?d=secure.eveonline.com
- secure.eveonline.com still prefers older Cipher Suites , which are not using PFS by default ! - PFS is a must have for TLS1.2
|
Tesco Ergo Sum
Science and Trade Institute Caldari State
76
|
Posted - 2014.04.09 21:03:00 -
[23] - Quote
Steady on there tiger! This isn't an ethical hack, we should charge for that
|
Steve Ronuken
Fuzzwork Enterprises Vote Steve Ronuken for CSM
3019
|
Posted - 2014.04.09 21:48:00 -
[24] - Quote
Anything above a B is pretty good really. Steve Ronuken for CSM 9! https://forums.eveonline.com/default.aspx?g=posts&m=4236322 http://www.fuzzwork.co.uk/ Twitter: @fuzzysteve on Twitter |
Padrone
Rennfeuer Curatores Veritatis Alliance
0
|
Posted - 2014.04.09 22:16:00 -
[25] - Quote
[/quote] Anything above a B is pretty good really.[/quote]
what means good, decrypting our data in the Future .
TLS1.2 without PFS is bullshit, and does not meet the current standard ! |
|
ISD Ezwal
ISD Community Communications Liaisons
1127
|
Posted - 2014.04.09 22:18:00 -
[26] - Quote
As there is already a thread on the same topic (including Dev answer), this one gets a lock.
The rules: 16. Redundant and re-posted threads will be locked.
As a courtesy to other forum users, please search to see if there is a thread already open on the topic you wish to discuss. If so, please place your comments there instead. Multiple threads on the same subject clutter up the forums needlessly, causing good feedback and ideas to be lost. Please keep discussions regarding a topic to a single thread. ISD Ezwal Captain Community Communication Liaisons (CCLs) Interstellar Services Department |
|
|
|
|
Pages: [1] :: one page |
First page | Previous page | Next page | Last page |