+- Forums - Open Redstone Engineers (https://forum.openredstone.org)
+-- Forum: Announcements (https://forum.openredstone.org/forum-102.html)
+--- Forum: Announcements (https://forum.openredstone.org/forum-7.html)
+--- Thread: Mojang Heartbleed Recommendation (/thread-3080.html)
Mojang Heartbleed Recommendation - redstonewarrior - 04-10-2014
As you may have heard, OpenSSL's heartbleed bug has made an incredible number of sites vulnerable to a relatively simple attack. Our lovely gamedevs were also affected. Mojang has advised that minecraft users change their passwords as soon as possible. As heartbleed may have affected up to 2/3rds of online services, it is also recommended you change the passwords to your other accounts.
Note: As openredstone.org doesn't use SSL (we haven't bought a signature), you don't need to bother changing your passwords here; unless you have used the password elsewhere.
RE: Mojang Heartbleed Recommendation - David - 04-10-2014
Thanks for mentioning! Wouldn't have found this out myself...
RE: Mojang Heartbleed Recommendation - Apuly - 04-11-2014
It has also been adviced to change your facebook and google account password. They were effected as well, but they have already resolved the problem.
It's not adviced to change passwords for sites who havn't confirmed to fix the problem, because then hackers meight get access to both your old and your new password.
RE: Mojang Heartbleed Recommendation - Xray_Doc - 04-11-2014
How did they let this happen, and why wasn't it fixed sooner
RE: Mojang Heartbleed Recommendation - Apuly - 04-11-2014
It was only discovered a couple of days ago.
The two people who found it wanted to wait with making it public, so that companies would have time to fix it, but at some point they just went 'fuck it' and made it public.
For as far as I know.
Why was it discovered only now? Don't ask me. I'm not Jeesus.
RE: Mojang Heartbleed Recommendation - redstonewarrior - 04-11-2014
OpenSSL is a free and open source software library. It's used on at least 2/3rds of the webservers on the internet (ssl enabled.) This is the result of a bug introduced two years ago that was not noticed until now. Most groups have installed the patch at this point.