Jump to content

TRF passwords and the Heartbleed exploit

1-0-0-1-0-0-1

By 1-0-0-1-0-0-1
in Random Samples

 Share

Recommended Posts

1-0-0-1-0-0-1

1-0-0-1-0-0-1

Posted
Posted

For those who don't know what the Heartbleed exploit is, read up on it here: http://en.wikipedia.org/wiki/Heartbleed

 

We installed the security patch for this Heartbleedin' bastard onto the server yesterday morning, so we should be fine, but as a precaution we would advise all of you to change your TRF passwords at your earliest convenience.

 

And PLEASE do whatever you have to do to not forget your new password!

  • Like 2
Narps

Narps

Posted
Posted (edited)
Is that Wiki in English?... :sigh: :D Edited by Narpski
USB Connector

USB Connector

Posted
Posted

Just a tip if you guys want to make super awesomely complex passwords without memorizing them:

 

There's this program called keepass. If you install it on a computer you know is secure (like a home desktop), you can use it to generate passwords and keep track of your passwords. The program itself is password protected, so you do have to memorize that one password. The saved data is also encrypted and I believe you can choose the kind of encryption if you don't like the default one.

 

128 bit encryption ftw. Want to break into my account? See you in 2 million years. :hi:

USB Connector

USB Connector

Posted
Posted

Is that Wiki in English?... :sigh: :D

 

The best explanation of heartbleed I can find:

 

http://imgs.xkcd.com/comics/heartbleed_explanation.png

  • Like 1
Narps

Narps

Posted
Posted
Sorry I suck really bad. Appreciate the effort however.... :codger:
  • Like 1
USB Connector

USB Connector

Posted
Posted

Sorry I suck really bad. Appreciate the effort however.... :codger:

 

Pretend the server is a parrot, except it needs the length of the word you want it to repeat. So you tell the parrot a short word and then claim the word is actually super super long. Well the parrot then tries to repeat what you said, but instead of stopping at the length of the super short word, it starts repeating other things it heard so that it can match the length you gave it.

 

Now if this parrot were in TRF HQ, it has heard every post, every password from people trying to log in, etc.

GeddysMullet

GeddysMullet

Posted
Posted

Sorry I suck really bad. Appreciate the effort however.... :codger:

 

Pretend the server is a parrot, except it needs the length of the word you want it to repeat. So you tell the parrot a short word and then claim the word is actually super super long. Well the parrot then tries to repeat what you said, but instead of stopping at the length of the super short word, it starts repeating other things it heard so that it can match the length you gave it.

 

Now if this parrot were in TRF HQ, it has heard every post, every password from people trying to log in, etc.

 

I kind of love this explanation :yes: Even though it doesn't really clear anything up for me... :LOL:

  • Like 2
Narps

Narps

Posted
Posted

Sorry I suck really bad. Appreciate the effort however.... :codger:

 

Pretend the server is a parrot, except it needs the length of the word you want it to repeat. So you tell the parrot a short word and then claim the word is actually super super long. Well the parrot then tries to repeat what you said, but instead of stopping at the length of the super short word, it starts repeating other things it heard so that it can match the length you gave it.

 

Now if this parrot were in TRF HQ, it has heard every post, every password from people trying to log in, etc.

 

I kind of love this explanation :yes: Even though it doesn't really clear anything up for me... :LOL:

I bet and me either... :LOL:
laughedatbytime

laughedatbytime

Posted
Posted

Just a tip if you guys want to make super awesomely complex passwords without memorizing them:

 

There's this program called keepass. If you install it on a computer you know is secure (like a home desktop), you can use it to generate passwords and keep track of your passwords. The program itself is password protected, so you do have to memorize that one password. The saved data is also encrypted and I believe you can choose the kind of encryption if you don't like the default one.

 

128 bit encryption ftw. Want to break into my account? See you in 2 million years. :hi:

Appreciate the tip, but "keepass" sounds like something else...

  • Like 3
x1yyz

x1yyz

Posted
Posted

Is that Wiki in English?... :sigh: :D

 

The best explanation of heartbleed I can find:

 

http://imgs.xkcd.com/comics/heartbleed_explanation.png

 

I <3 xkcd.

  • Like 1
Lost In Xanadu

Lost In Xanadu

Posted
Posted
Back when the internets were new-ish.... mid 90's... did anyone ever hack email? I used to do it all the time... connect to the email server and you could change your domain and user name. I used to send friends emails all the time from "Brett.Favre@Packers.com" or some similar crap like that. Was such a playland before security :)
USB Connector

USB Connector

Posted
Posted

Just a tip if you guys want to make super awesomely complex passwords without memorizing them:

 

There's this program called keepass. If you install it on a computer you know is secure (like a home desktop), you can use it to generate passwords and keep track of your passwords. The program itself is password protected, so you do have to memorize that one password. The saved data is also encrypted and I believe you can choose the kind of encryption if you don't like the default one.

 

128 bit encryption ftw. Want to break into my account? See you in 2 million years. :hi:

Appreciate the tip, but "keepass" sounds like something else...

 

Sigh. Should have seen that one coming...

 

http://i.imgur.com/5qMmBKC.png

Babycat

Babycat

Posted
Posted

For those who don't know what the Heartbleed exploit is, read up on it here: http://en.wikipedia.org/wiki/Heartbleed

 

We installed the security patch for this Heartbleedin' bastard onto the server yesterday morning, so we should be fine, but as a precaution we would advise all of you to change your TRF passwords at your earliest convenience.

 

And PLEASE do whatever you have to do to not forget your new password!

 

If I change my password and the Forum won't let me in, I'm sending you an email..! :P

  • Like 1
Narps

Narps

Posted
Posted
I haven't as far as I know. To be honest I am not even sure what one (alert) looks like....
USB Connector

USB Connector

Posted
Posted (edited)

Has anyone else had problems with Spyware alerts when here, especially when PMs come through?

 

Some people's (not mentioning names) sigs and/or avatars (didn't really bother figuring out which) seem to link to trackers or some sort of script, but beyond that I haven't had any issue.

Edited by USB Connector
Mara

Mara

Posted
Posted

Oh man, I am completely not looking forward to trying to re-log-in from my damn Fire. For some reason the TRF mobile view isn't good on the Fire, so it's a lot of weird maneuvering around to get it to the point where I can actually enter passwords. So I tend to stay logged in there.

 

Sigh.

Mike2112

Mike2112

Posted
Posted

And PLEASE do whatever you have to do to not forget your new password!

 

Um... If you forget your password you can just click "I forgot my password".

1-0-0-1-0-0-1

1-0-0-1-0-0-1

Posted
  • Author
Posted

And PLEASE do whatever you have to do to not forget your new password!

 

Um... If you forget your password you can just click "I forgot my password".

 

Of course, but every once in a while we get emails from people who either don't know how to use that feature, or don't know it exists (despite the link being right there on the login page). Or, if they're fairly new, they'll create a new account rather than try to fix their password. Seeing those instances increase with more people than usual trying to change their passwords is something we'd like to avoid. Just giving the people some friendly advice is all. :)

  • Like 1
Lorraine

Lorraine

Posted
Posted

Has anyone else had problems with Spyware alerts when here, especially when PMs come through?

 

Some people's (not mentioning names) sigs and/or avatars (didn't really bother figuring out which) seem to link to trackers or some sort of script, but beyond that I haven't had any issue.

If I am the only one here that it has happened to, now I'm paranoid. :ph34r:

Babycat

Babycat

Posted
Posted

Has anyone else had problems with Spyware alerts when here, especially when PMs come through?

 

Some people's (not mentioning names) sigs and/or avatars (didn't really bother figuring out which) seem to link to trackers or some sort of script, but beyond that I haven't had any issue.

If I am the only one here that it has happened to, now I'm paranoid. :ph34r:

 

I have no idea what Spyware is. Either way, I've had no problems with PMs.

Lorraine

Lorraine

Posted
Posted

Has anyone else had problems with Spyware alerts when here, especially when PMs come through?

 

Some people's (not mentioning names) sigs and/or avatars (didn't really bother figuring out which) seem to link to trackers or some sort of script, but beyond that I haven't had any issue.

If I am the only one here that it has happened to, now I'm paranoid. :ph34r:

 

I have no idea what Spyware is. Either way, I've had no problems with PMs.

 

Sorry. It is MALWARE. My brain is running on empty.

Narps

Narps

Posted
Posted

Has anyone else had problems with Spyware alerts when here, especially when PMs come through?

 

Some people's (not mentioning names) sigs and/or avatars (didn't really bother figuring out which) seem to link to trackers or some sort of script, but beyond that I haven't had any issue.

If I am the only one here that it has happened to, now I'm paranoid. :ph34r:

 

I have no idea what Spyware is. Either way, I've had no problems with PMs.

 

Sorry. It is MALWARE. My brain is running on empty.

My brain must always be empty because I don't know what any of this is or understand it at all. I don't even know how to change my password if I wanted too... :LOL:
Babycat

Babycat

Posted
Posted

Has anyone else had problems with Spyware alerts when here, especially when PMs come through?

 

Some people's (not mentioning names) sigs and/or avatars (didn't really bother figuring out which) seem to link to trackers or some sort of script, but beyond that I haven't had any issue.

If I am the only one here that it has happened to, now I'm paranoid. :ph34r:

 

I have no idea what Spyware is. Either way, I've had no problems with PMs.

 

Sorry. It is MALWARE. My brain is running on empty.

My brain must always be empty because I don't know what any of this is or understand it at all. I don't even know how to change my password if I wanted too... :LOL:

 

Neither can I - I'm too attached to mine. :)

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...