Posted April 11, 2014 As many of you are aware by now there is a security vulnerability in the OpenSSL cryptographic protocol which has been dubbed Heartbleed.Our game software is not vulnerable to the bug. We have updated all our web servers with the latest patches.We have asked our service providers what they have done about this and the ones we could get hold of all responded positively.Our web hosting company states: “yes, we already updated openssl to the newest version – additional information about this could be found here http://www.hetzner-status.de/en.html”Invision, our forum software company states: “All of our servers were updated to the latest version of OpenSSL to secure them against the Heartbleed bug as soon as the issue was discovered.”Paypal has made the following statement:1) Your PayPal account is secure2) Your PayPal account details were not exposed in the past and remain secure3) You do not need to take any additional action to safeguard your information4) There is no need to change your password(https://www.paypal-community.com/t5/PayPal-Forward/OpenSSL-Heartbleed-Bug-PayPal-Account-Holders-are-Secure/ba-p/797568#) Share this post Link to post Share on other sites
Posted April 11, 2014 Thanks for the update. I was already in the process of going through my passwords list as a precaution, but it's good to hear that there was no need to worry about my Wurm password. Share this post Link to post Share on other sites
Posted April 11, 2014 How about this issue? http://forum.wurmonline.com/index.php?/topic/99642-exposed-security-question-and-answer-what-is-it-for/ Share this post Link to post Share on other sites
Posted April 11, 2014 Thanks for the transparency on this topic, really appreciate the info. Share this post Link to post Share on other sites
Posted April 11, 2014 I wasn't aware, nor did paypal inform me. Thanks I suppose. Share this post Link to post Share on other sites
Posted April 14, 2014 Hi, Our web hosting company states: “yes, we already updated openssl [...]"Invision, our forum software company states: “All of our servers were updated to the latest version of OpenSSL [...]" Am I completely wrong with reading this as "your data was vulnerable for long time, and has been compromised with a certain probability, but now we have killed the bug for future times"? That's how I read the incoming messages regarding heartbleed. For sure, I may be wrong. Any other info about this? Have fun! Share this post Link to post Share on other sites
Posted April 14, 2014 Hi, Am I completely wrong with reading this as "your data was vulnerable for long time, and has been compromised with a certain probability, but now we have killed the bug for future times"? That's how I read the incoming messages regarding heartbleed. For sure, I may be wrong. Any other info about this? Have fun!There's no way to claim it was a "certain probability" really, but yes, that response is the standard given from compainies/entities that may have been compromised..If this is something that makes you nervous, just change your passwords at places you log in. Share this post Link to post Share on other sites
Posted April 14, 2014 FYI, a useful link of what accounts of yours need new passwords. Even though most financial institutions may look ok, chances are your passwords there are the same as passwords in other areas. http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/ Share this post Link to post Share on other sites
Posted April 14, 2014 I think its extremely funny that the whole world is now saying "CHANGE YOUR PASSWORD, CHANGE YOUR PASSWORD". What most people forget is that MANY things are still not updated and still have those leaks in them. If you change your password right now the "hackers" will have them for sure, because now is the time they do attacks as everyone can do it now. I think its very stupid to change your password so soon if you aren't sure the company has updated their stuff. Share this post Link to post Share on other sites
Posted April 15, 2014 Heartbleed in a nut shell: http://xkcd.com/1354 Share this post Link to post Share on other sites