Picturesinthefirelight Posted April 13, 2014 Share Posted April 13, 2014 Has balletcoforum put the appropriate patches on the forum? Another well known forum I use was compromised & a list of usernames/ passwords published. Plus the site owner was hacked. I've changed my password there as requested but I use the same one on this forum. The advice is to change passwords only after the patches have been applied or the new password us just as vulnerable. Has this been done? Link to comment Share on other sites More sharing options...
John Mallinson Posted April 13, 2014 Share Posted April 13, 2014 The problem as I understand it would not be with the forum software but with the hosting service. I have asked Invision about that and will let you know what they say. 1 Link to comment Share on other sites More sharing options...
Picturesinthefirelight Posted April 13, 2014 Author Share Posted April 13, 2014 Thank you. Link to comment Share on other sites More sharing options...
John Mallinson Posted April 13, 2014 Share Posted April 13, 2014 I've heard back from Invision: "All of our servers were updated to fix the Heartbleed bug in OpenSSL as soon as the vulnerability was discovered so your forum is secured against it." They reckon that the chance that our site was attacked is very slim indeed, especially as we are not exactly a high value target. If you're worried, change your password and the usual advice about not using the same password on different sites applies. Link to comment Share on other sites More sharing options...
John Mallinson Posted April 13, 2014 Share Posted April 13, 2014 I've had a further message from tech support: Hello, I also just noticed that you don't use SSL, so this would not have affected your site at all, I'm sorry for missing that. You are in the clear with no risk at all. So there we are! 1 Link to comment Share on other sites More sharing options...
Anjuli_Bai Posted April 13, 2014 Share Posted April 13, 2014 I thought this thread would be about a romance gone terribly wrong.... 7 Link to comment Share on other sites More sharing options...
Picturesinthefirelight Posted April 13, 2014 Author Share Posted April 13, 2014 Lol Anjuli Mumsnet was targeted as its fairly high profile - though in a funny not malicious way. I will change my password as I use the same username & password on both sites & a list of mumsnet passwords was published on a website. Link to comment Share on other sites More sharing options...
alison Posted April 13, 2014 Share Posted April 13, 2014 ^^ Oh dear. This is why it's always better to have site-specific passwords - but it is a huge pain, of course. Link to comment Share on other sites More sharing options...
John Mallinson Posted April 13, 2014 Share Posted April 13, 2014 The Telegraph had an article with some useful advice. 1 Link to comment Share on other sites More sharing options...
alison Posted April 17, 2014 Share Posted April 17, 2014 And here's something else which looks useful: https://theconversation.com/explainer-should-you-change-your-password-after-heartbleed-25506 Link to comment Share on other sites More sharing options...
John Mallinson Posted April 17, 2014 Share Posted April 17, 2014 And this too. Link to comment Share on other sites More sharing options...
John Mallinson Posted April 30, 2014 Share Posted April 30, 2014 This just in from the Royal Opera House: HeartBleed Bug: An important updateWhy changing your ROH website password is strongly advised As you may be aware from the news, a security bug called HeartBleed has recently been discovered affecting thousands of websites across the world, including some of the world’s biggest companies like Google and Facebook. The bug has also partially affected one of the technologies that the Royal Opera House website uses, although we have no reason to suspect that the Royal Opera House website was compromised and our servers have been updated to fix the issue. We fixed the issue as soon as it was published, and have been working to ensure our website is as secure as possible. The bug did not affect credit card details because credit card information is managed using a different technology. You have also likely heard from other companies asking you to change your password on their website. As a precaution we would recommend that you change your ROH website password in your account by signing in, selecting your username in the top right of the screen, then clicking ‘password’. Change password here For further information on the bug and how to create a secure password, BBC News have a useful article on password security. Yours sincerely, Rob GreigChief Technology Officer Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now