BBO Discussion Forums: My heart bleeds for the hackers - BBO Discussion Forums

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

My heart bleeds for the hackers

#1 User is offline   1eyedjack 

  • PipPipPipPipPipPipPipPip
  • Group: Advanced Members
  • Posts: 6,575
  • Joined: 2004-March-12
  • Gender:Male
  • Location:UK

Posted 2014-April-09, 23:35

All the hackers out there in the world must be cursing Heartbleed, I reckon. All those thousands of compromised accounts and stored up passwords that they had, which had NOTHING to do with Heartbleed, are now going to get changed by a population who have suddenly woken up to the importance of changing them. Ha Ha.
Psych (pron. saik): A gross and deliberate misstatement of honour strength and/or suit length. Expressly permitted under Law 73E but forbidden contrary to that law by Acol club tourneys.

Psyche (pron. sahy-kee): The human soul, spirit or mind (derived, personification thereof, beloved of Eros, Greek myth).
Masterminding (pron. mPosted ImagesPosted ImagetPosted Imager-mPosted ImagendPosted Imageing) tr. v. - Any bid made by bridge player with which partner disagrees.

"Gentlemen, when the barrage lifts." 9th battalion, King's own Yorkshire light infantry,
2000 years earlier: "morituri te salutant"

"I will be with you, whatever". Blair to Bush, precursor to invasion of Iraq
0

#2 User is offline   PassedOut 

  • PipPipPipPipPipPipPip
  • Group: Advanced Members
  • Posts: 3,678
  • Joined: 2006-February-21
  • Location:Upper Michigan
  • Interests:Music, films, computer programming, politics, bridge

Posted 2014-April-10, 08:57

Good subject line.
:D
The growth of wisdom may be gauged exactly by the diminution of ill temper. — Friedrich Nietzsche
The infliction of cruelty with a good conscience is a delight to moralists — that is why they invented hell. — Bertrand Russell
0

#3 User is offline   kenberg 

  • PipPipPipPipPipPipPipPipPipPip
  • Group: Advanced Members
  • Posts: 11,225
  • Joined: 2004-September-22
  • Location:Northern Maryland

Posted 2014-April-10, 09:04

I should change my password?

I try to be good. I eat my veggies. I go for walks. I count high card points. Change my password? I suppose the next things is that I will have to fasten my seatbelt.
Ken
1

#4 User is offline   mycroft 

  • Secretary Bird
  • PipPipPipPipPipPipPipPip
  • Group: Advanced Members
  • Posts: 7,435
  • Joined: 2003-July-12
  • Gender:Male
  • Location:Calgary, D18; Chapala, D16

Posted 2014-April-10, 10:54

Yeah, this is probably the time to make my keepass database actually the way it should be - every account with a different, random password...
When I go to sea, don't fear for me, Fear For The Storm -- Birdie and the Swansong (tSCoSI)
0

#5 User is offline   ggwhiz 

  • PipPipPipPipPipPipPip
  • Group: Advanced Members
  • Posts: 3,952
  • Joined: 2008-June-23
  • Gender:Male

Posted 2014-April-10, 10:55

The Canada Revenue Agency is extending the tax deadline by the amount of time e-filing and other services are unavailable.

In a further system enhancement late penalties and interest will now be charged on a per minute (or part thereof rounded up) with a new deadline of May 3rd at 1:52:14 am. The heartbleed reports were developed in cooperation between the NSA and CSIS as cover for this important tax enhancement and the bonus revenue they scoop from the overtime earnings of IT consultants in every major industry.
When a deaf person goes to court is it still called a hearing?
What is baby oil made of?
0

#6 User is offline   PassedOut 

  • PipPipPipPipPipPipPip
  • Group: Advanced Members
  • Posts: 3,678
  • Joined: 2006-February-21
  • Location:Upper Michigan
  • Interests:Music, films, computer programming, politics, bridge

Posted 2014-April-10, 11:24

 mycroft, on 2014-April-10, 10:54, said:

Yeah, this is probably the time to make my keepass database actually the way it should be - every account with a different, random password...

Same here. We had mostly done that, but found a couple of old passwords still in the database. Then we make sure that the Keepass password is not stored electronically.
The growth of wisdom may be gauged exactly by the diminution of ill temper. — Friedrich Nietzsche
The infliction of cruelty with a good conscience is a delight to moralists — that is why they invented hell. — Bertrand Russell
0

#7 User is offline   sharon j 

  • PipPipPip
  • Group: Full Members
  • Posts: 82
  • Joined: 2005-December-27
  • Location:San Tan Valley Arizona
  • Interests:golf, boating, camping

Posted 2014-April-11, 09:24

Do all passwords need to be changed? I have a very long list. Should we only change passwords to financial and personal accounts?
Probably a stupid question, but I really need some advice.
0

#8 User is offline   mycroft 

  • Secretary Bird
  • PipPipPipPipPipPipPipPip
  • Group: Advanced Members
  • Posts: 7,435
  • Joined: 2003-July-12
  • Gender:Male
  • Location:Calgary, D18; Chapala, D16

Posted 2014-April-11, 09:38

any password that is ever used for any site that you think you need to protect from either:
- people logging in and reading your stuff, or
- people logging in and taking your stuff, or
- people logging in and ruining your reputation by pretending to be you

needs to be changed, *after* it has been proven to either not be affected by the bug, or that it has been fixed. If you change it while it's still vulnerable, it's *more* likely to be compromised than if you don't do anything with it (as it's a "I can read traffic" bug, not a "I can crack passwords" bug).

Sure, change financial and personal accounts; but any account that used that same password (which shouldn't happen, but I know it does) needs to change as well.

This may be time to change to a password locker (I use KeePass), where:
- you can have different passwords to each account (database accessed through a single passphrase - which should be harder to crack than any password, if you do it right)
- it will assist you populating the password into the application (so there are several applications I've never even seen the password to), and
- it can expire passwords and "force" you to change them on regular intervals (and in normal situations, this is a minor task; I will admit, changing *everything* all at once is a headache, as each change does take about twice the time it would without the locker. However, the passwords almost never fail app's "too easy" policies, so you don't have to rework them (sometimes they violate their "too hard" policies, though - "Password must be between 8 and 15 characters" (why?))

Now the issue with *that* is the NSA worry - if someone puts a keylogger on your device, they get the master passphrase, and then after stealing your locker, have *all* your passwords. But that's still less likely (unless you count the NSA) than someone getting one, and then using it to compromise all the accounts you use that password on (because you only have 3).
When I go to sea, don't fear for me, Fear For The Storm -- Birdie and the Swansong (tSCoSI)
0

#9 User is offline   Vampyr 

  • PipPipPipPipPipPipPipPipPipPip
  • Group: Advanced Members
  • Posts: 10,611
  • Joined: 2009-September-15
  • Gender:Female
  • Location:London

Posted 2014-April-11, 09:53

What is this all about?
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones -- Albert Einstein
0

#10 User is offline   barmar 

  • PipPipPipPipPipPipPipPipPipPipPipPip
  • Group: Admin
  • Posts: 21,594
  • Joined: 2004-August-21
  • Gender:Male

Posted 2014-April-11, 10:08

 Vampyr, on 2014-April-11, 09:53, said:

What is this all about?

The Heartbleed bug that affects most web sites. It's been all over the news for the past couple of days.

http://heartbleed.com/

#11 User is offline   barmar 

  • PipPipPipPipPipPipPipPipPipPipPipPip
  • Group: Admin
  • Posts: 21,594
  • Joined: 2004-August-21
  • Gender:Male

Posted 2014-April-11, 10:16

As usual, XKCD is right on top of this.

Posted Image

And the tooltip that pops up when you hover over the cartoon at the real site is

Spoiler


#12 User is offline   sharon j 

  • PipPipPip
  • Group: Full Members
  • Posts: 82
  • Joined: 2005-December-27
  • Location:San Tan Valley Arizona
  • Interests:golf, boating, camping

Posted 2014-April-12, 08:16

thanks so much for the help
0

#13 User is offline   jallerton 

  • PipPipPipPipPipPip
  • Group: Advanced Members
  • Posts: 1,796
  • Joined: 2008-September-12
  • Gender:Male

Posted 2014-April-14, 12:22

I have a question for BBO.

Are the passwords used to log in to BBO/BBO Forums potentially vulnerable to 'Heartbleed'?
0

#14 User is offline   FM75 

  • PipPipPipPip
  • Group: Full Members
  • Posts: 496
  • Joined: 2009-December-12

Posted 2014-April-14, 17:34

 jallerton, on 2014-April-14, 12:22, said:

I have a question for BBO.

Are the passwords used to log in to BBO/BBO Forums potentially vulnerable to 'Heartbleed'?


If you want the answer to that, post the question on one of the BBO forums. They are vulnerable if people stored them on some other public site. If the question is a BBO security question, then it boils down to whether they used the affected versions of the OpenSSL software.

Best advice. Just change your password. - (BBO bucks are not very fungible - so you probably have nothing to worry about.) But if they were vulnerable, they will remain vulnerable until they change the software version with which they built the system.



0

#15 User is offline   jallerton 

  • PipPipPipPipPipPip
  • Group: Advanced Members
  • Posts: 1,796
  • Joined: 2008-September-12
  • Gender:Male

Posted 2014-April-15, 01:22

Thanks. I have taken your advice and have posed the question on the general BBO Discussion Forum.
0

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

2 User(s) are reading this topic
0 members, 2 guests, 0 anonymous users