PlanetZ forums - scopeusers.com

Anyone know if this forum & its password system is affected by the so called heartbleed bug that's currently in the news?

as i understand it, even if it was, there's very little that a bad guy could actually do with the info, other than post in your name.

I don't think typical communications are https on boards like this. So you're always vulnerable

your login password could be stolen tho...and if you (against all recommendations) use it also elsewhere...and they know where that is...

hmm, I remember an angry forum member knew to find my full name and physical adres and posted it here.
Personal tracks on the internet are everywhere, combinations are always possible.

As you can automaticly login on Planetz it doesn't hurt to change password, but you would have to repeat it in the next future as it takes some times befor the leaks on all infected servers will be bunged.

I feel it's time to use a keypass manager anyway.

jksuperstar wrote:I don't think typical communications are https on boards like this. So you're always vulnerable

That's essentially correct. phpbb doesn't use https, so passwords, etc are sent in the clear instead of encrypted.
Of course the password is stored encrypted in the phpbb database.
But anyone snooping on network traffic could grab your password when you log in.

-John

They can only capture random bits of data which are being processed during the attack anyway.