m_e
Wantrepreneur
User Power
Value/Post Ratio
124%
- Jan 7, 2014
- 25
- 31
- 36
Since many of you own a website, online service or shop I thought this might be very important for you. (Its also important for everyone else!)
There is a massive OpenSSL bug that has been discovered yesterday. Most of the websites and e-mail traffic is decrypted with OpenSSL. For example when you see the "https://" in front of your domain its a secure connection with OpenSSL.
What does it mean for you website owners?
If you have a shop. Everyone can read your customers information. Including credit card details! I am not kidding! You will not even notice it!
What to do?
What does it mean for everyone else?
Everything what you have done in the past 2 years on a secure connection might not have been secure. This means online banking, shopping, sending emails or anything else.
The bad thing if anyone has some encrypted server traffic from the past 2 years, (maybe he was in a online coffee and was listening to other users) he will now be able to decrypt that.
Since this bug has gone public now, I expect a lot of people to abuse it. Remember this before you login to the next website! Check the website first! (P.S. thefastlaneforum.com is not affected.)
What to do?
This was probably a bit confusing now. I am really tired and gotta sleep. Just wanted to post that quick. For more information visit these sites or google "openssl heart bleed":
https://heartbleed.com/
http://www.cryptocoinsnews.com/news/openssl-heartbleed-security-bug/2014/04/08
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
There is a massive OpenSSL bug that has been discovered yesterday. Most of the websites and e-mail traffic is decrypted with OpenSSL. For example when you see the "https://" in front of your domain its a secure connection with OpenSSL.
What does it mean for you website owners?
If you have a shop. Everyone can read your customers information. Including credit card details! I am not kidding! You will not even notice it!
What to do?
- First check if your website is affected with: http://filippo.io/Heartbleed . There are other ways but this is the easiest one I found. You can also check if you have OpenSSL version 1.0.1 – 1.0.1f installed. Those are the versions of the past 2 years!
- If you are an admin, you have to upgrade the OpenSSL version to 1.0.1g. Then generate a new private key and also request and upgrade your SSL certificate.
- If you are no admin... well contact one or whomever is going to manage your webserver.
What does it mean for everyone else?
Everything what you have done in the past 2 years on a secure connection might not have been secure. This means online banking, shopping, sending emails or anything else.
The bad thing if anyone has some encrypted server traffic from the past 2 years, (maybe he was in a online coffee and was listening to other users) he will now be able to decrypt that.
Since this bug has gone public now, I expect a lot of people to abuse it. Remember this before you login to the next website! Check the website first! (P.S. thefastlaneforum.com is not affected.)
What to do?
- Hope that website owners upgrade to the latest OpenSSL version soon.
- Change your login information on those services that have already upgraded or aren't affected.
- Only use websites that aren't affected! (Check it with: http://filippo.io/Heartbleed)
This was probably a bit confusing now. I am really tired and gotta sleep. Just wanted to post that quick. For more information visit these sites or google "openssl heart bleed":
https://heartbleed.com/
http://www.cryptocoinsnews.com/news/openssl-heartbleed-security-bug/2014/04/08
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
Dislike ads? Remove them and support the forum:
Subscribe to Fastlane Insiders.
Last edited:
