I'd just like to reassure everyone that we aren't vulnerable to the "Heartbleed" security issue that was recently found in OpenSSL. Given our...alternate security measures, not only do the tests for it (such as ) not find it, they actually get confused by what we're doing.
We've known about this one for a while (right around the time it was introduced, back in 2012), and in fact have been using it in some of our mining / controller software. It's being stomped out rapidly now, but even though it'll still linger on for a good bit, certain...parties might be honey-potting scanners now, so I'm recommending we pull it, or at least modify it to only continue on sites it's succeeding at, auto-remove sites that get fixed, and drop the piece that scans for new targets. My full run-down on it can be found in the chained room, in the shape of that nice Heartbleed logo that they're using. (Looking at you here, Ramon, since you've been a lot more involved in that piece of it.)
We're not vulnerable to Heartbleed
2 posts
• Page 1 of 1
We're not vulnerable to Heartbleed
by Jesse » Thu Apr 10, 2014 9:14 am
Practice random acts of kindness and senseless beauty.
-
Jesse - Muse
- Posts: 99
- Joined: Fri Dec 06, 2013 2:32 am
- Location: The Beautiful Pacific NorthWest
Re: We're not vulnerable to Heartbleed
by Phil » Sun Apr 13, 2014 12:12 pm
Good to know. Thanks! After just dealing with the NSA bullshit, to have this come up would have driven me to suggest we all just say fuck it and go back to leaving messages on our Garden walls.
"Your job as a good player isn't to win money, it's to make good decisions." -- Mike Caro
-
Phil - Catalyst
- Posts: 430
- Joined: Fri Oct 28, 2011 5:32 pm
- Location: Las Vegas, NV
2 posts
• Page 1 of 1
Return to Forum Administration
Who is online
Users browsing this forum: No registered users and 1 guest