The Heartbleed Bug and Wonderland Forums (and WonderWiki)
Posted: Sat Apr 19, 2014 11:53 pm
I'm pretty sure you've all heard about the Heartbleed bug, which causes millions of websites to be vulnerable. It works by having the server spit out their data from their RAM, which can contain sensitive information such as your personal information and passwords.
I'd just like to let you know that Wonderland Forums and WonderWiki are NOT affected by this bug.
Here's why:
1. Wonderland Forums and WonderWiki does not make use of SSL technology to secure your actions on the forums.
2. MS's server has OpenSSL 0.9.8 installed (you can verify here), and the Heartbleed bug only affects OpenSSL 1.0.1 and 1.1. WonderWiki server does use the affected versions, but since WonderWiki does not use SSL, you are not affected.
Now obviously I cannot speak for BMTMicro, MS's payment provider, but I am sure they have been working hard to mitigate the vulnerability.
If you are paranoid, do this:
1. Check if the service you use is affected by Heartbleed. If they have not patched, don't do anything on the website! Your information cold be leaked this way (although rather unlikely)
2. Change your passwords AFTER the service has patched their servers. Make sure to use a strong password to make the crackers' job harder.
3. Change your passwords every so often. Avoid using one password for all services - Password Managers like KeyPass and Dashlane should help you with achieving that.
Stay safe!
tyteen4a03
I'd just like to let you know that Wonderland Forums and WonderWiki are NOT affected by this bug.
Here's why:
1. Wonderland Forums and WonderWiki does not make use of SSL technology to secure your actions on the forums.
2. MS's server has OpenSSL 0.9.8 installed (you can verify here), and the Heartbleed bug only affects OpenSSL 1.0.1 and 1.1. WonderWiki server does use the affected versions, but since WonderWiki does not use SSL, you are not affected.
Now obviously I cannot speak for BMTMicro, MS's payment provider, but I am sure they have been working hard to mitigate the vulnerability.
If you are paranoid, do this:
1. Check if the service you use is affected by Heartbleed. If they have not patched, don't do anything on the website! Your information cold be leaked this way (although rather unlikely)
2. Change your passwords AFTER the service has patched their servers. Make sure to use a strong password to make the crackers' job harder.
3. Change your passwords every so often. Avoid using one password for all services - Password Managers like KeyPass and Dashlane should help you with achieving that.
Stay safe!
tyteen4a03