
TRF passwords and the Heartbleed exploit


1-0-0-1-0-0-1

For those who don't know what the Heartbleed exploit is, read up on it here: http://en.wikipedia.org/wiki/Heartbleed

 

We installed the security patch for this Heartbleedin' bastard onto the server yesterday morning, so we should be fine, but as a precaution we would advise all of you to change your TRF passwords at your earliest convenience.

 

And PLEASE do whatever you have to do to not forget your new password!


Just a tip if you guys want to make super awesomely complex passwords without memorizing them:

 

There's this program called keepass. If you install it on a computer you know is secure (like a home desktop), you can use it to generate passwords and keep track of your passwords. The program itself is password protected, so you do have to memorize that one password. The saved data is also encrypted and I believe you can choose the kind of encryption if you don't like the default one.

 

128 bit encryption ftw. Want to break into my account? See you in 2 million years. :hi:


Is that Wiki in English?... :sigh: :D

 

The best explanation of heartbleed I can find:

 

http://imgs.xkcd.com/comics/heartbleed_explanation.png


Sorry I suck really bad. Appreciate the effort however.... :codger:

 

Pretend the server is a parrot, except it needs the length of the word you want it to repeat. So you tell the parrot a short word and then claim the word is actually super super long. Well the parrot then tries to repeat what you said, but instead of stopping at the length of the super short word, it starts repeating other things it heard so that it can match the length you gave it.

 

Now if this parrot were in TRF HQ, it has heard every post, every password from people trying to log in, etc.

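The parrot analogy above in code, as an added example that is not part of the original thread and is not OpenSSL's source: a toy heartbeat handler run with the length check off and on. The memory arena, the sample secret and all function names are constructed for illustration, and the real protocol's padding bytes are left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for server memory: the heartbeat request as received,
   immediately followed by unrelated data the server handled earlier. */
#define ARENA 64
static uint8_t arena[ARENA];
static const char SECRET[] = "pw=constructed-example";   /* sample value */

/* Request layout: type (1 byte) | claimed payload length (2 bytes) | payload.
   Returns the number of bytes that actually arrived. */
static size_t stage_request(const char *word, uint16_t claimed) {
    size_t actual = strlen(word);
    memset(arena, 0, sizeof arena);
    arena[0] = 1;
    arena[1] = (uint8_t)(claimed >> 8);
    arena[2] = (uint8_t)(claimed & 0xff);
    memcpy(arena + 3, word, actual);
    memcpy(arena + 3 + actual, SECRET, sizeof SECRET - 1);
    return 3 + actual;
}

/* Echo the payload. With check == 0 the claimed length is trusted (the parrot
   in the post); with check == 1 a claim larger than what arrived is dropped. */
static size_t echo(size_t received, int check, uint8_t *out) {
    size_t claimed = ((size_t)arena[1] << 8) | arena[2];
    if (3 + claimed > ARENA) return 0;              /* keeps this demo in bounds */
    if (check && 3 + claimed > received) return 0;  /* the missing length check */
    memcpy(out, arena + 3, claimed);
    return claimed;
}

/* Number of bytes in the reply that were never part of the request. */
static size_t leaked_bytes(const char *word, uint16_t claimed, int check) {
    uint8_t out[ARENA];
    size_t received = stage_request(word, claimed);
    size_t n = echo(received, check, out);
    size_t sent = strlen(word);
    return n > sent ? n - sent : 0;
}

int main(void) {
    printf("honest request, no check: %zu extra bytes\n", leaked_bytes("bird", 4, 0));
    printf("lying request, no check:  %zu extra bytes\n", leaked_bytes("bird", 20, 0));
    printf("lying request, checked:   %zu extra bytes\n", leaked_bytes("bird", 20, 1));
    return 0;
}
```
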

Sorry I suck really bad. Appreciate the effort however.... :codger:

 

Pretend the server is a parrot, except it needs the length of the word you want it to repeat. So you tell the parrot a short word and then claim the word is actually super super long. Well the parrot then tries to repeat what you said, but instead of stopping at the length of the super short word, it starts repeating other things it heard so that it can match the length you gave it.

 

Now if this parrot were in TRF HQ, it has heard every post, every password from people trying to log in, etc.

 

I kind of love this explanation :yes: Even though it doesn't really clear anything up for me... :LOL:


Sorry I suck really bad. Appreciate the effort however.... :codger:

 

Pretend the server is a parrot, except it needs the length of the word you want it to repeat. So you tell the parrot a short word and then claim the word is actually super super long. Well the parrot then tries to repeat what you said, but instead of stopping at the length of the super short word, it starts repeating other things it heard so that it can match the length you gave it.

 

Now if this parrot were in TRF HQ, it has heard every post, every password from people trying to log in, etc.

 

I kind of love this explanation :yes: Even though it doesn't really clear anything up for me... :LOL:

I bet and me either... :LOL:

Just a tip if you guys want to make super awesomely complex passwords without memorizing them:

 

There's this program called keepass. If you install it on a computer you know is secure (like a home desktop), you can use it to generate passwords and keep track of your passwords. The program itself is password protected, so you do have to memorize that one password. The saved data is also encrypted and I believe you can choose the kind of encryption if you don't like the default one.

 

128 bit encryption ftw. Want to break into my account? See you in 2 million years. :hi:

Appreciate the tip, but "keepass" sounds like something else...


Is that Wiki in English?... :sigh: :D

 

The best explanation of heartbleed I can find:

 

http://imgs.xkcd.com/comics/heartbleed_explanation.png

 

I <3 xkcd.


Back when the internets were new-ish.... mid 90's... did anyone ever hack email? I used to do it all the time... connect to the email server and you could change your domain and user name. I used to send friends emails all the time from "Brett.Favre@Packers.com" or some similar crap like that. Was such a playland before security :)

Just a tip if you guys want to make super awesomely complex passwords without memorizing them:

 

There's this program called keepass. If you install it on a computer you know is secure (like a home desktop), you can use it to generate passwords and keep track of your passwords. The program itself is password protected, so you do have to memorize that one password. The saved data is also encrypted and I believe you can choose the kind of encryption if you don't like the default one.

 

128 bit encryption ftw. Want to break into my account? See you in 2 million years. :hi:

Appreciate the tip, but "keepass" sounds like something else...

 

Sigh. Should have seen that one coming...

 

http://i.imgur.com/5qMmBKC.png


For those who don't know what the Heartbleed exploit is, read up on it here: http://en.wikipedia.org/wiki/Heartbleed

 

We installed the security patch for this Heartbleedin' bastard onto the server yesterday morning, so we should be fine, but as a precaution we would advise all of you to change your TRF passwords at your earliest convenience.

 

And PLEASE do whatever you have to do to not forget your new password!

 

If I change my password and the Forum won't let me in, I'm sending you an email..! :P


I haven't as far as I know. To be honest I am not even sure what one (alert) looks like....

Has anyone else had problems with Spyware alerts when here, especially when PMs come through?

 

Some people's (not mentioning names) sigs and/or avatars (didn't really bother figuring out which) seem to link to trackers or some sort of script, but beyond that I haven't had any issue.

Edited by USB Connector

Oh man, I am completely not looking forward to trying to re-log-in from my damn Fire. For some reason the TRF mobile view isn't good on the Fire, so it's a lot of weird maneuvering around to get it to the point where I can actually enter passwords. So I tend to stay logged in there.

 

Sigh.


And PLEASE do whatever you have to do to not forget your new password!

 

Um... If you forget your password you can just click "I forgot my password".

 

Of course, but every once in a while we get emails from people who either don't know how to use that feature, or don't know it exists (despite the link being right there on the login page). Or, if they're fairly new, they'll create a new account rather than try to fix their password. Seeing those instances increase with more people than usual trying to change their passwords is something we'd like to avoid. Just giving the people some friendly advice is all. :)


Has anyone else had problems with Spyware alerts when here, especially when PMs come through?

 

Some people's (not mentioning names) sigs and/or avatars (didn't really bother figuring out which) seem to link to trackers or some sort of script, but beyond that I haven't had any issue.

If I am the only one here that it has happened to, now I'm paranoid. :ph34r:


Has anyone else had problems with Spyware alerts when here, especially when PMs come through?

 

Some people's (not mentioning names) sigs and/or avatars (didn't really bother figuring out which) seem to link to trackers or some sort of script, but beyond that I haven't had any issue.

If I am the only one here that it has happened to, now I'm paranoid. :ph34r:

 

I have no idea what Spyware is. Either way, I've had no problems with PMs.


Has anyone else had problems with Spyware alerts when here, especially when PMs come through?

 

Some people's (not mentioning names) sigs and/or avatars (didn't really bother figuring out which) seem to link to trackers or some sort of script, but beyond that I haven't had any issue.

If I am the only one here that it has happened to, now I'm paranoid. :ph34r:

 

I have no idea what Spyware is. Either way, I've had no problems with PMs.

 

Sorry. It is MALWARE. My brain is running on empty.


Has anyone else had problems with Spyware alerts when here, especially when PMs come through?

 

Some people's (not mentioning names) sigs and/or avatars (didn't really bother figuring out which) seem to link to trackers or some sort of script, but beyond that I haven't had any issue.

If I am the only one here that it has happened to, now I'm paranoid. :ph34r:

 

I have no idea what Spyware is. Either way, I've had no problems with PMs.

 

Sorry. It is MALWARE. My brain is running on empty.

My brain must always be empty because I don't know what any of this is or understand it at all. I don't even know how to change my password if I wanted to... :LOL:

Has anyone else had problems with Spyware alerts when here, especially when PMs come through?

 

Some people's (not mentioning names) sigs and/or avatars (didn't really bother figuring out which) seem to link to trackers or some sort of script, but beyond that I haven't had any issue.

If I am the only one here that it has happened to, now I'm paranoid. :ph34r:

 

I have no idea what Spyware is. Either way, I've had no problems with PMs.

 

Sorry. It is MALWARE. My brain is running on empty.

My brain must always be empty because I don't know what any of this is or understand it at all. I don't even know how to change my password if I wanted to... :LOL:

 

Neither can I - I'm too attached to mine. :)

