Heartbleed

[Picturesinthefirelight]

Has balletcoforum put the appropriate patches on the forum?

 

Another well known forum I use was compromised & a list of usernames/ passwords published. Plus the site owner was hacked.

 

I've changed my password there as requested but I use the same one on this forum.

 

The advice is to change passwords only after the patches have been applied or the new password us just as vulnerable.

 

Has this been done?

[John Mallinson]

The problem as I understand it would not be with the forum software but with the hosting service. I have asked Invision about that and will let you know what they say.

[Picturesinthefirelight]

Thank you.

[John Mallinson]

I've heard back from Invision:

 

"All of our servers were updated to fix the Heartbleed bug in OpenSSL as soon as the vulnerability was discovered so your forum is secured against it."

 

They reckon that the chance that our site was attacked is very slim indeed, especially as we are not exactly a high value target. If you're worried, change your password and the usual advice about not using the same password on different sites applies.

[John Mallinson]

I've had a further message from tech support:

 

Hello, I also just noticed that you don't use SSL, so this would not have affected your site at all, I'm sorry for missing that.

 

You are in the clear with no risk at all.

 

So there we are!

[Anjuli_Bai]

I thought this thread would be about a romance gone terribly wrong....

[Picturesinthefirelight]

Lol Anjuli

 

Mumsnet was targeted as its fairly high profile - though in a funny not malicious way.

 

I will change my password as I use the same username & password on both sites & a list of mumsnet passwords was published on a website.

[alison]

^^ Oh dear.

 

This is why it's always better to have site-specific passwords - but it is a huge pain, of course.

[John Mallinson]

The Telegraph had an article with some useful advice.

[alison]

And here's something else which looks useful: https://theconversation.com/explainer-should-you-change-your-password-after-heartbleed-25506

[John Mallinson]

And this too.

[John Mallinson]

This just in from the Royal Opera House:

 

HeartBleed Bug: An important update
Why changing your ROH website password is strongly advised

 

As you may be aware from the news, a security bug called HeartBleed has recently been discovered affecting thousands of websites across the world, including some of the world’s biggest companies like Google and Facebook.

The bug has also partially affected one of the technologies that the Royal Opera House website uses, although we have no reason to suspect that the Royal Opera House website was compromised and our servers have been updated to fix the issue.

We fixed the issue as soon as it was published, and have been working to ensure our website is as secure as possible. The bug did not affect credit card details because credit card information is managed using a different technology.

You have also likely heard from other companies asking you to change your password on their website. As a precaution we would recommend that you change your ROH website password in your account by signing in, selecting your username in the top right of the screen, then clicking ‘password’.

Change password here

For further information on the bug and how to create a secure password, BBC News have a useful article on password security.

Yours sincerely,

Rob Greig
Chief Technology Officer