Sign in to follow this  
DevBlog

Heartbleed information

Recommended Posts

As many of you are aware by now there is a security vulnerability in the OpenSSL cryptographic protocol which has been dubbed Heartbleed.

Our game software is not vulnerable to the bug. We have updated all our web servers with the latest patches.

We have asked our service providers what they have done about this and the ones we could get hold of all responded positively.

Our web hosting company states: “yes, we already updated openssl to the newest version – additional information about this could be found here http://www.hetzner-status.de/en.html

Invision, our forum software company states: “All of our servers were updated to the latest version of OpenSSL to secure them against the Heartbleed bug as soon as the issue was discovered.”

Paypal has made the following statement:

1) Your PayPal account is secure
2) Your PayPal account details were not exposed in the past and remain secure
3) You do not need to take any additional action to safeguard your information
4) There is no need to change your password

(https://www.paypal-community.com/t5/PayPal-Forward/OpenSSL-Heartbleed-Bug-PayPal-Account-Holders-are-Secure/ba-p/797568#)

Share this post


Link to post
Share on other sites

Thanks for the update.


 


I was already in the process of going through my passwords list as a precaution, but it's good to hear that there was no need to worry about my Wurm password.


Share this post


Link to post
Share on other sites

Thanks for the transparency on this topic, really appreciate the info.


Share this post


Link to post
Share on other sites

I wasn't aware, nor did paypal inform me. Thanks I suppose. 


Share this post


Link to post
Share on other sites

Hi,
 

Our web hosting company states: “yes, we already updated openssl [...]"
Invision, our forum software company states: “All of our servers were updated to the latest version of OpenSSL [...]"

 

Am I completely wrong with reading this as "your data was vulnerable for long time, and has been compromised with a certain probability, but now we have killed the bug for future times"?

 

That's how I read the incoming messages regarding heartbleed. For sure, I may be wrong. Any other info about this?

 

Have fun!

 

Share this post


Link to post
Share on other sites

Hi,

 

 

Am I completely wrong with reading this as "your data was vulnerable for long time, and has been compromised with a certain probability, but now we have killed the bug for future times"?

 

That's how I read the incoming messages regarding heartbleed. For sure, I may be wrong. Any other info about this?

 

Have fun!

There's no way to claim it was a "certain probability" really, but yes, that response is the standard given from compainies/entities that may have been compromised..

If this is something that makes you nervous, just change your passwords at places you log in.

Share this post


Link to post
Share on other sites

I think its extremely funny that the whole world is now saying "CHANGE YOUR PASSWORD, CHANGE YOUR PASSWORD".


 


What most people forget is that MANY things are still not updated and still have those leaks in them. If you change your password right now the "hackers" will have them for sure, because now is the time they do attacks as everyone can do it now. I think its very stupid to change your password so soon if you aren't sure the company has updated their stuff.


Share this post


Link to post
Share on other sites
Sign in to follow this