Smitefire logo

Join the leading SMITE community.
Create and share God Guides and Builds.

Create an MFN Account






Or

Heartbleed and You

Please review our General Rules & Guidelines before posting or commenting anywhere on SmiteFire.

Forum » Support » Heartbleed and You 2 posts - page 1 of 1
Permalink | Quote | +Rep by Mowen » April 9, 2014 7:03pm | Report
I'm sure you guys have heard of the "Heartbleed" bug. If not, you can read about it here;

http://heartbleed.com/

There is a bug in a security package, utilized almost everywhere on the internet, that in the right conditions could allow an attacker to steal key/password information and potentially even gain access to the server. The bug has been in the wild for about 2 years and was only recently discovered, and subsequently revealed (by the "good guys") a couple days ago.

I just wanted to let you guys know what action we have taken, what the risks are, and what action YOU might want to take.

Action We Have Taken



Fixes for this bug were issued almost immediately by vendors. We updated all of our servers and software with the fixed versions right away, and have been monitoring for additional patches. All of our sites sit behind CloudFlare, who were involved in handling this issue before it even went public, so they were patched already. Our host is rock solid and has taken all necessary measures to protect themselves and their networks.

Potential Risks



In terms of our sites, things are pretty safe. We patched immediately, we are relatively "sheltered" behind CloudFlare, we have a very reliable and trusted host, and we have security standards of our own to minimize the risk of attack, including this.

The most sensitive information that could be gained from a compromise on one of our servers is your encrypted passwords. However they would be next to useless to an attacker, as they are salted and stretched using a powerful hashing algorithm.

We have no reason to believe any such attack occurred, and we are safe from any future attack related to this bug.

In terms of the greater internet, there is a risk that any information you have stored on any website could potentially have been compromised, including your passwords or financial information. This is especially so for any websites that have not yet, or do not, patch their software for this bug now that it is out in the open.

What Should I Do?



This attack affects the entire internet. Change your passwords on critical sites. Start with your email and financial accounts. Use unique passwords on each of these sites to prevent a compromise on a weaker site from allowing attackers into your accounts on stronger sites. Ask the owners of sites you use, especially small independent sites, if they have taken the necessary measures. There are some tools to help test sites, such as;

http://filippo.io/Heartbleed/

I think that covers it. If you have any other questions or concerns, fire away!

Mowen
<Production Coordinator>


Distinguished (57)
Posts: 852
View My Blog
Permalink | Quote | +Rep by HammaSmite » July 16, 2014 7:20pm | Report
Ah.... Thanks Mowen, I'm scared now..
random thanatos main has appeared
    Attack
    Kill Secure
    Run
    Catch

HammaSmite


Remarkable (7)
Posts: 344
View My Blog

Quick Reply

Please log in or sign up to post!

SMITEFire is the place to find the perfect build guide to take your game to the next level. Learn how to play a new god, or fine tune your favorite SMITE gods’s build and strategy.

Copyright © 2019 SMITEFire | All Rights Reserved

} } } } }