Thread: Heartbleed Virus/Bug - should we (ADISCers) be worried?

  1. #1
    bringmesunshine

    As you may all know, today the internet is in a massive panic about this new virus that completely unscrambles passwords, works out who you are and dives into your bank accounts to wreak havoc - and other things. I'm aiming this at the ADISC board but there might be some very IT-savvy ABDLs out there so... should we be worried?

  2. #2

    No use going into my bank, I'm insolvent anyway.

  3. #3

    I knew it was possible, but have never heard of a virus doing it till now. More than likely another hacker will hit that hacker within the week. By the way, I heard SSL has been cracked.

  4. #4

    There's a lot of FUD and misinformation out there right now, but this is a very serious bug.

    Specific to ADISC, my post here kinda sums up my thoughts: https://www.adisc.org/forum/administ...ml#post1174220

    In general, I think most people will be fine changing their passwords once the sites have been patched. The two big issues are:

    - A lot of sites are going to be slow to do this, and this bug is trivial to exploit. I'd check whether a site is affected before plugging any personal data into it for the next little while (Test your server for Heartbleed (CVE-2014-0160) works well for this).
    - Leaked personal data. This is a very real possibility and can't really be undone. More of a concern to companies and organizations with sensitive data (medical, business, financial etc), but obviously a lot of us here in particular probably have personal information on various websites that could be very damaging and that could theoretically be compromised.

    The only real thing you can do is avoid compromised sites for a while. The bug needs the information to be in memory, so not accessing the sensitive information theoretically reduces the risk.

  5. #5

    So, from what I understand, Heartbleed has to do with an issue found in OpenSSL. Observation: ADISC doesn't use SSL encryption between server and client, otherwise you would be connecting to https://www.adisc.org rather than Adult Baby / Diaper Lover / Incontinence Support Community. ADISC doesn't have much of a reason to be encrypting your traffic though, because there really isn't any good identity theft data on here.
    Whether it's that Heartbleed has interaction with data traffic and its encryption, or it talks to some special program hole when OpenSSL is being used on the server, I'm personally not sure which, so the fact that ADISC doesn't use SSL might or might not even make a difference on how useful Heartbleed would be as an attack on ADISC's server.

    What does matter is that, regardless of there being a weapon of mass destruction (2/3 of internet vulnerable), without SSL we are kind of a 3rd world country anyway, so if somebody wanted to take advantage of us they could. Any traffic that you send or receive from ADISC isn't encrypted, so if somebody wanted to intercept it, they could see exactly what your activity was.

    Main thing, just don't use the same password on ADISC as you use anywhere important, namely anywhere that has credit card or SSN data.

  6. #6

    Originally posted by Tyger:
    > adisc doesn't use ssl encryption between server and client

    ADISC does support ssl (https://adisc.org). I suspect many people (including myself) use it for obvious reasons.

    Originally posted by Tyger:
    > Any traffic that you send or receive from adisc isn't encrypted, so if somebody wanted to intercept it, they could see exactly what your activity was.

    Even with unencrypted data, intercepting data in transit isn't exactly a trivial thing, especially in a sweeping manner that gives you access to multiple targets. Using this exploit however is quite easy. More important than that, this exploit lets you grab data from memory rather than just grabbing information that's in transit.

  7. #7

    Originally posted by BoundCoder:
    > ADISC does support ssl (https://adisc.org). I suspect many people (including myself) use it for obvious reasons.

    Wasn't aware that existed.
    lol, just realized that when I posted the text of the address differences, they automatically posted as links. When I clicked on the https one that I had actually written out, it sent me to the secure address that you also put in.

    Originally posted by BoundCoder:
    > Even with unencrypted data, intercepting data in transit isn't exactly a trivial thing, especially in a sweeping manner that gives you access to multiple targets. Using this exploit however is quite easy. More important than that, this exploit lets you grab data from memory rather than just grabbing information that's in transit.

    Ah, yeah, I wasn't certain of how it worked completely with that bug.

  8. #8

    I am not so worried. Once, after purchasing something online, the store said they suffered a security breach, and my credit card info got stolen. Someone got themselves a Match.com profile and some other 'millionaires' dating site using my credit card! Apparently, they just use your poor ass to get some dating profiles, and from there, that's when they attempt to pull a real scam on some lonely, rich person. Quite evil if you ask me!

    My bank called me saying that unusual activity had taken place. I checked and saw they were right. I filled out a form at my bank, and in about 2 weeks they put the money back that was spent on my debit card. I changed some passwords. It wasn't so bad to have my debit card info stolen. I mean, I wouldn't recommend it... but it wasn't a big deal.

    This heartbleed thingie isn't a virus but it's an old bug from 2012 that probably was used in the past. Hey, maybe that's how they got my info! They'll fix it shortly. I don't mean to be fear-mongering, here, but there's always a way to hack into someone's stuff. Credit card numbers get stolen all the time. Banks are helpful and it's really obvious when your card number was stolen. You might have to make a phone call and fill out a form.

  9. #9

    I'm an infectious disease scientist. Me and my friends were disappointed to learn the heartbleed virus isn't a human pathogen. That's where my knowledge ends.

  10. #10

    Originally posted by bringmesunshine:
    > As you may all know, today the internet is in a massive panic about this new virus that completely unscrambles passwords, works out who you are and dives into your bank accounts to wreak havoc - and other things.

    I don't mean to be "that guy"/know-it-all (because trust me, I'm far from knowing it all :P), but I'd just like to clear this up a bit.
    I haven't done a lot of research on this, so if what I'm saying is wrong, please correct me.
    Heartbleed is not a virus. A virus is a program that is capable of replicating itself plus delivering a payload. Heartbleed is simply a bug, something hackers can exploit. Think of it sorta like a weak spot in a wall you're trying to get through...
    OpenSSL uses something called the "heartbeat"... Basically, the server sends data to the user (as if to say "Are you there?"), and the user sends some data back (as if to say "Yeah man"). This data is recycled, basically sending the data from previous requests to the user. This data can contain info such as passwords and personal info.
    Again, I don't know a lot on this subject, but this should be a somewhat decent explanation. (:
    (I read this from Engadget I think, so Google "Engadget Heartbleed" or something.)

    - - - Updated - - -

    Originally posted by AEsahaettr:
    > I'm an infectious disease scientist. Me and my friends were disappointed to learn the heartbleed virus isn't a human pathogen. That's where my knowledge ends.

    That would be even cooler than Ebola
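
Added example (not part of any post above, and not OpenSSL's own code): the heartbeat exchange discussed in this thread, reduced to the length check whose absence let a reply carry server memory beyond what the peer actually sent. The message layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding) follows RFC 6520; the function names and the two sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* message types from RFC 6520 */
#define HB_RESPONSE 2
#define HB_HDR      3   /* 1-byte type + 2-byte payload_length */
#define HB_PAD      16  /* minimum padding after the payload */

/* Constructed sample records (not captured traffic); unlisted bytes are zero. */
static const uint8_t HONEST[23] = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t LYING[20]  = {HB_REQUEST, 0x40, 0x00, 'x'};

/* Length the sender claims, read from the 2-byte big-endian field. */
static size_t hb_claimed(const uint8_t *rec) {
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Bytes an echo WITHOUT a bounds check would copy from beyond the record. */
size_t hb_overread(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HDR) return 0;
    size_t avail = rec_len - HB_HDR;
    return hb_claimed(rec) > avail ? hb_claimed(rec) - avail : 0;
}

/* Checked echo: writes the response into out and returns its length,
 * or returns 0 when the request must be silently discarded. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap) {
    if (rec_len < HB_HDR + HB_PAD || rec[0] != HB_REQUEST) return 0;
    size_t n = hb_claimed(rec), need = HB_HDR + n + HB_PAD;
    if (need > rec_len) return 0;            /* claim exceeds what arrived */
    if (need > cap) return 0;                /* response would not fit */
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, n);   /* n is proven in-bounds here */
    memset(out + HB_HDR + n, 0, HB_PAD);     /* real padding is random */
    return need;
}

int main(void) {
    uint8_t out[64];
    printf("honest: echo=%zu over-read=%zu\n",
           hb_respond(HONEST, sizeof HONEST, out, sizeof out),
           hb_overread(HONEST, sizeof HONEST));
    printf("lying:  echo=%zu over-read=%zu\n",
           hb_respond(LYING, sizeof LYING, out, sizeof out),
           hb_overread(LYING, sizeof LYING));
    return 0;
}
```

The second record claims a 16384-byte payload while only 20 bytes arrived, so the checked handler drops it instead of echoing neighbouring memory.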
