BITSTAMP.NET HEARTBLEEDING?check this

freedomno1

legendary

Activity: 1806

Merit: 1090

Learning the troll avoidance button :)

Quote from: clownius on April 08, 2014, 12:24:37 PM

Quote from: freedomno1 on April 08, 2014, 12:18:30 PM

Well this one did spook me a bit it really is a matter of how fast they update at least from what I can understand about this bug didn't really look into heavy details yet

Every serious server tech i know (and its quite a few) is currently very busy updating everything in sight lol

The fix was in the works already when word leaked out about the vulnerability. So at that point it was announced and people scrambled to get the fixes live. Very fast work all around

That's good to know was trying the testing server but I got a false negative message so I am assuming a lot of people are using the thing
http://filippo.io/Heartbleed/

Edit In: Nvm its working again

rebuilder

legendary

Activity: 1615

Merit: 1000

Quote from: hdbuck on April 08, 2014, 12:03:33 PM

Quote from: clownius on April 08, 2014, 12:00:50 PM

Quote from: ?? on ??

all good, bitstamp.net not affected.. its already fixed

The damage may already be done. This vulnerability has existed for two years and has been know for a while by black hats.

Just updating openSSL isnt enough. You also need to update your certs and assume you were listened in on or broken into previously and didnt notice. That means users should be changing their passwords once the new certs are in use at least as they may have already been rendered useless.

but no worries if we were using 2FA right? riiight?

Depends, I think an attacker could, in theory, have sniffed the seed to your 2fa codes when you enabled 2FA. That's probably quite unlikely, though.

clownius

sr. member

Activity: 448

Merit: 254

Quote from: freedomno1 on April 08, 2014, 12:18:30 PM

Well this one did spook me a bit it really is a matter of how fast they update at least from what I can understand about this bug didn't really look into heavy details yet

Every serious server tech i know (and its quite a few) is currently very busy updating everything in sight lol

The fix was in the works already when word leaked out about the vulnerability. So at that point it was announced and people scrambled to get the fixes live. Very fast work all around

freedomno1

legendary

Activity: 1806

Merit: 1090

Learning the troll avoidance button :)

Well this one did spook me a bit it really is a matter of how fast they update at least from what I can understand about this bug didn't really look into heavy details yet

clownius

sr. member

Activity: 448

Merit: 254

Quote from: Equate on April 08, 2014, 12:04:34 PM

Mtgox V 2.0 Coming

The question is who though. Just about the entire Internet was vulnerable for the last two years.........

Equate

hero member

Activity: 770

Merit: 500

Mtgox V 2.0 Coming

hdbuck

legendary

Activity: 1260

Merit: 1002

Quote from: clownius on April 08, 2014, 12:00:50 PM

Quote from: ?? on ??

all good, bitstamp.net not affected.. its already fixed

The damage may already be done. This vulnerability has existed for two years and has been know for a while by black hats.

Just updating openSSL isnt enough. You also need to update your certs and assume you were listened in on or broken into previously and didnt notice. That means users should be changing their passwords once the new certs are in use at least as they may have already been rendered useless.

but no worries if we were using 2FA right? riiight?

clownius

sr. member

Activity: 448

Merit: 254

Quote from: ?? on ??

all good, bitstamp.net not affected.. its already fixed

The damage may already be done. This vulnerability has existed for two years and has been know for a while by black hats.

Just updating openSSL isnt enough. You also need to update your certs and assume you were listened in on or broken into previously and didnt notice. That means users should be changing their passwords once the new certs are in use at least as they may have already been rendered useless.

BurtW

legendary

Activity: 2646

Merit: 1131

All paid signature campaigns should be banned.

bitstamp.com is vulnerable in case you want to see what a vulnerable site looks like:

http://filippo.io/Heartbleed/#bitstamp.com

Just found it by accident when trying to test bitstamp.net, any typed it incorrectly.

It appears the two sites are not related at all...

clownius

sr. member

Activity: 448

Merit: 254

Quote from: hdbuck on April 08, 2014, 09:59:54 AM

wtf is going on?

Major exploit found in openSSL. Update is out to fix it but the vulnerability has existed for a long time so everyones scrambling to update all their keys as well as run updates. Expect many sites to suggest you update your passwords as they are possibly compromised.

hdbuck

legendary

Activity: 1260

Merit: 1002

wtf is going on?

btcfre@k

sr. member

Activity: 286

Merit: 250

i hope it will be fixed,if bitstamp didnt fix it yet

dave111223

legendary

Activity: 1190

Merit: 1001

Quote from: MykelSilver on April 08, 2014, 07:10:23 AM

MtGox part two has began

Let's not be over dramatic it takes about 5 seconds to update openssl on the server.

Which is looks like they have already done: http://filippo.io/Heartbleed/#bitstamp.net

EDIT: however it appears logins are still disabled even after openssl has been updated; you can now feel free to start panicking.

S4VV4S

hero member

Activity: 1582

Merit: 502

Then someone should notify the administrators immediately.

MykelSilver

full member

Activity: 237

Merit: 100

MtGox part two has began

btcfre@k

sr. member

Activity: 286

Merit: 250

Hi i read this news http://www.coindesk.com/major-security-flaw-heartbleed-puts-critical-services-risk/ so i went to the website http://filippo.io/Heartbleed/ to check if some exchange place are safe,btc-e was ok,but what was my surprise when i saw bitstamp was affected..
check this and let me know what you think about that

herbergeur d image

Topic: BITSTAMP.NET HEARTBLEEDING?check this (Read 1795 times)