Stories
Slash Boxes
Comments

SoylentNews is people

OpenSSL: Heartbleed - the Fallout.

posted by janrinok on Thursday April 10 2014, @09:45PM   Printer-friendly
from the security-is-important dept.

After reporting the problems with OpenSSL, which has been nicknamed 'HeartBleed', 2 contributors have forward articles on why you should change your passwords.

Heartbleed, and why you should change your password

I always believed Mojang would keep my details safe, now I realise they are not in control of their own data. Mojang/Minecraft passwords should be changed immediately

Heartbleed Bug: Change All Your Passwords

An anonymous coward writes:

The fallout from the Heartbleed bug is hitting the mainstream. The BBC has an article headlined "Public urged to reset all passwords".

Bruce Schneier calls it "catastrophic", giving this advice to sysadmins: "After you patch your systems, you have to get a new public/private key pair, update your SSL certificate, and then change every password that could potentially be affected." He also links to a webpage that will let you test servers for the bug, and an article on Ars Technica discussing the bug.

 
This discussion has been archived. No new comments can be posted.
OpenSSL: Heartbleed - the Fallout. | Log In/Create an Account | Top | 43 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by wantkitteh on Friday April 11 2014, @11:49AM

    by wantkitteh (3362) on Friday April 11 2014, @11:49AM (#29977) Homepage Journal

    I suppose it could have partially been my fault, I did mention Mojang closing down the Minecraft auth servers in the story I submitted about Heartbleed to illustrate just how widespread this bug's effect was. People expect stories about how this bug and that screw-up leaked 100billion credit card details or patient records or names and addresses of subscribers to Canine Fetish Monthly, we've seen that before. Something widespread enough to leak something as innocent as your Minecraft login should get some attention.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 1) by iroll on Friday April 11 2014, @05:39PM

    by iroll (4013) on Friday April 11 2014, @05:39PM (#30166)

    That kind of mention I can absolutely understand, but to say "now I realise they are not in control of their own data" is extremely accusatory. It doesn't make them an example of a widespread problem; it calls them out as if they were either particularly neglectful or incompetent, or that they had given their (your) data to a third party that couldn't be trusted, none of which seem to be the case.

    When I clicked on the attached article, I expected to read something along the lines of the above (really, I expected to read that they had used an untrustworthy third-party service). Instead, I read that they had taken a particularly conservative approach for the problem. The disconnect between the summary and the article is obnoxious... I read the articles on aggregators like SN because I want to be clued into interesting things and see/participate in a discussion, not to get trolled into clicking on things that don't match the summary. Honestly, the only thing that could have made it more annoying to me would have been if the link had gone to a monetized blog that then linked to the Mojang page :P