Author

Topic: BITSTAMP.NET HEARTBLEEDING?check this (Read 1807 times)

legendary
Activity: 1806
Merit: 1090
Learning the troll avoidance button :)
April 08, 2014, 11:36:08 AM
#16
Well this one did spook me a bit it really is a matter of how fast they update at least from what I can understand about this bug didn't really look into heavy details yet

Every serious server tech i know (and its quite a few) is currently very busy updating everything in sight lol

The fix was in the works already when word leaked out about the vulnerability.  So at that point it was announced and people scrambled to get the fixes live.  Very fast work all around

That's good to know was trying the testing server but I got a false negative message so I am assuming a lot of people are using the thing
http://filippo.io/Heartbleed/

Edit In: Nvm its working again
legendary
Activity: 1615
Merit: 1000
April 08, 2014, 11:33:25 AM
#15
all good, bitstamp.net not affected.. its already fixed

The damage may already be done.  This vulnerability has existed for two years and has been know for a while by black hats.  

Just updating openSSL isnt enough.  You also need to update your certs and assume you were listened in on or broken into previously and didnt notice.  That means users should be changing their passwords once the new certs are in use at least as they may have already been rendered useless.

but no worries if we were using 2FA right? riiight?


Depends, I think an attacker could, in theory, have sniffed the seed to your 2fa codes when you enabled 2FA. That's probably quite unlikely, though.
sr. member
Activity: 448
Merit: 254
April 08, 2014, 11:24:37 AM
#14
Well this one did spook me a bit it really is a matter of how fast they update at least from what I can understand about this bug didn't really look into heavy details yet

Every serious server tech i know (and its quite a few) is currently very busy updating everything in sight lol

The fix was in the works already when word leaked out about the vulnerability.  So at that point it was announced and people scrambled to get the fixes live.  Very fast work all around
legendary
Activity: 1806
Merit: 1090
Learning the troll avoidance button :)
April 08, 2014, 11:18:30 AM
#13
Well this one did spook me a bit it really is a matter of how fast they update at least from what I can understand about this bug didn't really look into heavy details yet
sr. member
Activity: 448
Merit: 254
April 08, 2014, 11:14:37 AM
#12
Mtgox V 2.0 Coming

The question is who though.  Just about the entire Internet was vulnerable for the last two years.........
hero member
Activity: 770
Merit: 500
April 08, 2014, 11:04:34 AM
#11
Mtgox V 2.0 Coming
legendary
Activity: 1260
Merit: 1002
April 08, 2014, 11:03:33 AM
#10
all good, bitstamp.net not affected.. its already fixed

The damage may already be done.  This vulnerability has existed for two years and has been know for a while by black hats.  

Just updating openSSL isnt enough.  You also need to update your certs and assume you were listened in on or broken into previously and didnt notice.  That means users should be changing their passwords once the new certs are in use at least as they may have already been rendered useless.

but no worries if we were using 2FA right? riiight?
sr. member
Activity: 448
Merit: 254
April 08, 2014, 11:00:50 AM
#9
all good, bitstamp.net not affected.. its already fixed

The damage may already be done.  This vulnerability has existed for two years and has been know for a while by black hats. 

Just updating openSSL isnt enough.  You also need to update your certs and assume you were listened in on or broken into previously and didnt notice.  That means users should be changing their passwords once the new certs are in use at least as they may have already been rendered useless.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
April 08, 2014, 10:11:06 AM
#8
bitstamp.com is vulnerable in case you want to see what a vulnerable site looks like:

http://filippo.io/Heartbleed/#bitstamp.com

Just found it by accident when trying to test bitstamp.net, any typed it incorrectly. 

It appears the two sites are not related at all...
sr. member
Activity: 448
Merit: 254
April 08, 2014, 09:03:27 AM
#7
wtf is going on?


Major exploit found in openSSL.  Update is out to fix it but the vulnerability has existed for a long time so everyones scrambling to update all their keys as well as run updates.  Expect many sites to suggest you update your passwords as they are possibly compromised.
legendary
Activity: 1260
Merit: 1002
April 08, 2014, 08:59:54 AM
#6
wtf is going on?
sr. member
Activity: 286
Merit: 250
April 08, 2014, 08:12:57 AM
#5
i hope it will be fixed,if bitstamp didnt fix it yet
legendary
Activity: 1190
Merit: 1001
April 08, 2014, 06:30:50 AM
#4
MtGox part two has began

Let's not be over dramatic it takes about 5 seconds to update openssl on the server.

Which is looks like they have already done: http://filippo.io/Heartbleed/#bitstamp.net

EDIT: however it appears logins are still disabled even after openssl has been updated; you can now feel free to start panicking.

hero member
Activity: 1582
Merit: 502
April 08, 2014, 06:25:40 AM
#3
Then someone should notify the administrators immediately.
full member
Activity: 237
Merit: 100
April 08, 2014, 06:10:23 AM
#2
MtGox part two has began
sr. member
Activity: 286
Merit: 250
April 08, 2014, 06:00:00 AM
#1
Hi i read this news http://www.coindesk.com/major-security-flaw-heartbleed-puts-critical-services-risk/ so i went to the website http://filippo.io/Heartbleed/ to check if some exchange place are safe,btc-e was ok,but what was my surprise when i saw bitstamp was affected..
check this and let me know what you think about that

herbergeur d image
Jump to: