Time to change those passwords...
A new bug has been discovered on the internet, called the Heartbleed Bug. The basic idea is that it allowed hackers to steal information from servers that you thought were protected behind a secure (https) connection. That information could include usernames, passwords, credit card information, or anything that you've submitted in a form. Over 2/3 of the servers on the internet use OpenSSL which is the library that this bug was found in.
Subeta is safe. We're fortunate to be protected by cloudflare who was alerted to this bug a week before it became public, and has already patched it. It's very unlikely that any of your information has been stolen from Subeta.
Unfortunately there are a lot of sites that hadn't fixed their implemention of openSSL when the information was made public. This includes some google services, yahoo mail, imgur, and other sites that most of us use daily.
It's our suggestion that you change your passwords everywhere, including Subeta. Before you change your password on a website, check it here to ensure that it's no longer a threat. If you change your password and the site is still unsafe, you could be submitting your password to hackers again!
OpenSSL put out a patch as soon as the bug was made public, and most sites have already begun to patch and fix their servers. Most major sites on the internet have already been patched. You can read more about the bug here. Thank you, and stay safe on the internet! :heart:
Here is another great writeup of this bug.
Posted by Keith
Load this on 🆕 Kumos site
I saw that on Facebook...already changing my gmail passwords. I was worried about Subeta but I'm glad to know it's already patched. Just gotta think of a unique password to replace the old one I won't forget...
Thanks for the reminder!
Thanks for the reminder!
I don't even know all what sites I belong to anymore...o.O'
New goal! To keep a little account journal squirreled away somewhere so I know what accounts I have when things like this happen.
New goal! To keep a little account journal squirreled away somewhere so I know what accounts I have when things like this happen.
For Chromeusers, there's also the Chromebleed extension that you can get, which warns you if a site you've visited has been affected :)
Thanks for letting us know, Keith. I'm really grateful that you take the time to do this for us. (:
I don't really want to change my passwords cause I'll most likely forget...most of the sites I use are apparently safe anyway...
After reading conflicting posts from users can we get an official update clarifying the changing of passwords or waiting?
Thank you Keith. I'd never know bout stuff like this if you didn't bring it to our attention hugs
Wow o.o thanks for the heads up. It will take... a few weeks at least for me to remember all the sites I have accounts on o_O It must be over 100, and some I haven't logged into in months or years. I guess a lot of those aren't really important so if they get hacked, hopefully there aren't really bad consequences.
I heared on the radio that the leak has been existing for the past two years.
So I dunno, if hackers wanted to steal anything, they had two years to do it
So I dunno, if hackers wanted to steal anything, they had two years to do it
Bad, bad news for everyone of course. I changed my password here and I'm changing all my passwords and other information all over the internet.
Silly question. If a site says it has no SSL does that mean it is vulnerable and that I should still change my password on those particular sites?
Thank you for this. I was going back and forth as to if I wanted to change everything, which is A LOT, and after reading this, I'm working on doing that right now!
Thank you so much for this information, Keith! I am about to change every single PW I have on all the sites I visit, which thankfully isn't too many XD.
Thank you Keith for the update. I'm glad to hear the site is safe.
I wasn't aware of what was going on until I saw this news post ^_^.
I wasn't aware of what was going on until I saw this news post ^_^.
Thank you for the notice, I was wondering why in the last week i have been having a major issue on my laptop and had to keep running scans and cleaning up daily
Just a question that I don't understand, using @Jazzy's link to the list of sites what about the ones that say no SSL, are they vulnerable or not?
Sorry if that seems dumb. :)
Also thanks for the heads up.
Sorry if that seems dumb. :)
Also thanks for the heads up.
Well...just changed all the main ones, I'll do the rest as I remember them.
I'm on so many sites (a lot of which I don't even visit monthly, let alone daily) that it'd be impossible to do them all in one evening.
<_<
Thanks for that link to test the sites, it'd suck changing it just to have to change it again days later.
I'm on so many sites (a lot of which I don't even visit monthly, let alone daily) that it'd be impossible to do them all in one evening.
<_<
Thanks for that link to test the sites, it'd suck changing it just to have to change it again days later.
Thanks for letting everyone know, I know there were at least a few users who weren't aware of the situation!
Thank you for keeping everyone in the loop!
Thank you for keeping everyone in the loop!
I continue to be impressed and more impressed by Subeta's proactive ethics and communications. Thank you all. Feeling safe, and feeling like someone is keeping an eye on these issues and promptly and clearly addressing them is such a pleasant change for me!
Thanks for alerting people about this. I'm sure there were/are quite a few who were not aware.
Okay, changed everything. Except my Apple/iTunes password...should I change that one too? I don't know if that would be included...
That's hella scary.
Thank you so much for warning the people who weren't aware of this, I really appreciate it.
Thank you so much for warning the people who weren't aware of this, I really appreciate it.
I've been following this story too and was very pleased too see that when I checked Subeta was listed as safe. The site my hubby spends all his time on isn't.
this suuuucks. the news says it's found hundreds of yahoo usernames and passwords. (i am a frequent yahoo user too.) what a pain. :| thanks for the heads up. luckily i never put out card/address info online i suppose...
Thank you for the heads up Keith. I heard about this not too long ago via the Current Events thread. Huge sigh of relief that subeta and facebook are safe. I guess that's one good reason to be poor. I can't afford to buy anything.
Wow, @Keith, thanks for warning us! I hadn't heard about this latest bug exploit. busily changing all her passwords
Should I change my passwords on everything? Really? My bank, iTunes, Comcast, tumblr, deviantart...all of those? That's such a pain in the butt. I just now got them memorized and now I'm going to have to do it all again. I hate hackers. So, so much. -_-
@honey_bear
As Keith stated in announcement, once the websites you use have cleared the heartbleed test (once the site has been confirmed as patched), it is safe to change your passwords :)
As Keith stated in announcement, once the websites you use have cleared the heartbleed test (once the site has been confirmed as patched), it is safe to change your passwords :)
@Finnie , I'm just a little confused by your comment post. Are you suggesting we change our passwords before or after the patch you mentioned. Sorry, just a little confused. Thanks :)
Thanks for the heads up! I haven't heard anything about this, so I really appreciate the info!
Information about the sites affected:
Master list of sites affected by Heartbleed.
A more in depth article about the situation
Orgasmic that should answer your questions :)
Master list of sites affected by Heartbleed.
A more in depth article about the situation
Orgasmic that should answer your questions :)
My mom is in web security and said that the issue was that only one of the many versions of ssl had the problem. But unless you own the site you cant really know which use it unless you know where to look. That website is the one they used in her office, and most things relating to banking are safe as they do check those things daily.
Plus, it was an update to the ssl that had the biggest problem, and most places dont get those that quick.
So just be safe and use different pws on sites relating to your money, and even change your pin here if your worried :)
But its awesome subeta cares so much about us and wanted to warn those whose parents dont work with these things on a daily basis lol
Plus, it was an update to the ssl that had the biggest problem, and most places dont get those that quick.
So just be safe and use different pws on sites relating to your money, and even change your pin here if your worried :)
But its awesome subeta cares so much about us and wanted to warn those whose parents dont work with these things on a daily basis lol
Yeah I'm not understanding how to look at the websites I use to see if they're under threat or not.
The company I work for got right on this for our website (which is good, because I've been answering a lot of emails about it today). I was wondering if Subeta was on top of it as well, and I'm glad to hear you guys are!
Thank you for letting us know how Subeta is handling this situation! I have been following it, and was wondering about the situation here.
Thank you for the announcement. This is something that has to be disseminated to people as quickly as possible.
We've rolled out Fixed OpenSSL in a server I assist in running, the other day.
(And before someone lurches at me for my grammar, English is my third language. :P)
We've rolled out Fixed OpenSSL in a server I assist in running, the other day.
(And before someone lurches at me for my grammar, English is my third language. :P)
Until this afternoon subeta was coming up as being vulnerable on the heartbleed tester --- http://filippo.io/Heartbleed/
Most techs are recommending not to change your passwords at this point because the more recently your password (or other information) has been logged in the server the more vulnerable it is to hackers.
However I believe once the patches have been made you no longer have to worry about that, and yes, you should change your passwords.
Most techs are recommending not to change your passwords at this point because the more recently your password (or other information) has been logged in the server the more vulnerable it is to hackers.
However I believe once the patches have been made you no longer have to worry about that, and yes, you should change your passwords.
Thank you for letting us know! Very scary for those of is (like me) who use the web a LOT and to do a LOT of things.
Thanks for the update. I been seeing this around but glad that this website still gives out info like this.
Scared the crap out of me for a moment.... but so glad Subeta is safe. Thank you for the heads up. Had been hearing around this all day. Hope it gets fixed and fast.
Thank you for us about it Keith! :D:D