Heartbleed
Anyone know if this forum & its password system is affected by the so called heartbleed bug that's currently in the news?
Re: Heartbleed
As I understand it, even if it was, there's very little that a bad guy could actually do with the info, other than post in your name.
Re: Heartbleed
I don't think typical communications are https on boards like this. So you're always vulnerable 

Re: Heartbleed
Your login password could be stolen though...and if you (against all recommendations) use it also elsewhere...and they know where that is...
Hmm, I remember an angry forum member knew how to find my full name and physical address and posted it here.
Personal tracks on the internet are everywhere, combinations are always possible.
As you can automatically log in on Planetz, it doesn't hurt to change your password, but you would have to repeat it in the near future, as it takes some time before the leaks on all infected servers will be bunged.
I feel it's time to use a keypass manager anyway.
- John Cooper
- Moderator
Re: Heartbleed
jksuperstar wrote: I don't think typical communications are https on boards like this. So you're always vulnerable
That's essentially correct. phpbb doesn't use https, so passwords, etc are sent in the clear instead of encrypted.
Of course the password is stored encrypted in the phpbb database.
But anyone snooping on network traffic could grab your password when you log in.
-John
Re: Heartbleed
They can only capture random bits of data which are being processed during the attack anyway.