Change your password (Heartbleed zero-day vulnerability) CERT UPDATED!

By Steven P.
in Site Announcements

 Share

Recommended Posts

Grand Master

Steven P. Administrators

Posted
  • Administrators
Posted

Regarding this news post https://www.neowin.net/news/openssl-affected-by-heartbleed-zero-day-vulnerability

 

We were affected too, someone registered on Neowin to let us know we were vulnerable, so thanks for that (Y)

 

We have since patched our web servers (yesterday) and we're no longer vulnerable to the Heartbleed vulnerability, but since we use SSL to log you in it's a good idea to update your password.

 

I have changed mine :p

 

Edit: This affects everyone, because everyone is logged in securely.

Grand Master

Vykranth

Posted
Posted (edited)

Changed! Now: password1

 

Not fair, I wanted to use that one! I'll go with that one then

 

Edit: One day, I will figure out how to embed youtube videos on the first try. AUGH!

  • Thief000, Steven P. and Nostromov
  • Like 3
Grand Master

Brandon H Supervisor

Posted
  • Supervisor
Posted

Odd. Now that I've changed it, the news page will not keep me logged in. I'm logged in when I go to the forums but not when I am on the news page. :(

log out then back in. it's a issue with the cookie

 

also: happy birthday :)

Grand Master

COKid

Posted
Posted

Changed to "qwerty". Thanks! ;)

 

Seriously, what's the point of rushing to change my passwords if the sites I deal with haven't updated their security procedures? The new passwords will be just as vulnerable, won't they?

 

I'm not trying to be snarky. Just wondering. TIA.

Grand Master

Brandon H Supervisor

Posted
  • Supervisor
Posted

Password is changed to 123

 

[EDIT]

Ok after I changed my password,  I post this and then I went to www.neowin.net front page, I was not logged in and when I attempt to log in, I get this:

attachicon.gifWhy.PNG

i refer you to my previous post

 

log out and then back in. a new password cookie needs to be created for the front page

Grand Master

+theblazingangel MVC

Posted
  • MVC
Posted

Regarding this news post https://www.neowin.net/news/openssl-affected-by-heartbleed-zero-day-vulnerability

 

We were affected too, someone registered on Neowin to let us know we were vulnerable, so thanks for that thumbs_up.gif

 

We have since patched our web servers (yesterday) and we're no longer vulnerable to the Heartbleed vulnerability, but since we use SSL to log you in it's a good idea to update your password.

 

I have changed mine tongue.png

 

Edit: This affects everyone, because everyone is logged in securely.

 

While the Neowin servers may be patched, the certificate is dated July 2013. To properly address this extremely critical vulnerability, patching by itself isn't enough; certificates also need to be revoked and replaced just incase their private keys have been compromised. It is pointless for us to change our passwords until this is addressed...

Grand Master

+Warwagon MVC

Posted
  • MVC
Posted

While the Neowin servers may be patched, the certificate is dated July 2013. To properly address this extremely critical vulnerability, patching by itself isn't enough; certificates also need to be revoked and replaced just incase their private keys have been compromised. It is pointless for us to change our passwords until this is addressed...

 

Isn't that only if you google or some how get duped into clicking on a fake Neowin link. If you bookmark neowin and use that we should be ok.

 

Also you can use this link https://www.ssllabs.com/ to check sites to see if they are vulnerable to the heartbleed vulnerability.

Grand Master

Praetor

Posted
Posted

Neobond, I've been using the same password on this site since i register on it! Do you really think I'm going to change it?

 

Also you can use this link https://www.ssllabs.com/ to check sites to see if they are vulnerable to the heartbleed vulnerability.

 

good call.

This topic is now closed to further replies.
 Share
Go to topic listing