Is the Eve site susceptible to Heartbleed?

Dinsdale Pirannha
Pirannha Corp
#1 - 2014-04-09 12:49:15 UTC
I realize this has been floating around for some time, and the media is just picking it up now, but is the Eve site secure?
Scipio Artelius
Weaponised Vegemite
Flying Dangerous
#2 - 2014-04-09 12:52:46 UTC
You better change your password just to be sure.

The Cartels could take over your account and biomass you (told you they'd put a hit on you).
Tesco Ergo Sum
#3 - 2014-04-09 13:00:17 UTC
Confirming the Internet is dying...

EVE is mostly M$ based so not an issue.
Doc Fury
Furious Enterprises
#4 - 2014-04-09 14:43:01 UTC
Well, CCP did spring for the whole $20 to get a rapidSSL cert, so I for one feel SO much better...

There's a million angry citizens looking down their tubes..at me.

Jessica Danikov
Network Danikov
#5 - 2014-04-09 14:57:26 UTC
If CCP are vulnerable, they need to patch their implementation before everyone runs around changing their passwords.

Official input is needed to either indicate they're not vulnerable or that the vulnerability has been patched and people should be resetting passwords.
KuroVolt
Federal Navy Academy
Gallente Federation
#6 - 2014-04-09 14:59:26 UTC
I DON'T KNOW WHAT WE ARE TALKING ABOUT BUT I FOR ONE AM FREAKING OUT MAN!

BoBwins Law: As a discussion/war between two large nullsec entities grows longer, the probability of one comparing the other to BoB approaches near certainty.

Ramona McCandless
Silent Vale
LinkNet
#7 - 2014-04-09 15:00:30 UTC
Heartbleed - why do you miss when my baby kisses me
heartbleed - why does a love kiss stay in my memory

Piddle dee pat - I know that new love thrills me
I know that true love will be

Heartbleed - why do you miss when my baby kisses me

Heartbleed - why do you skip when my baby's lips meet mine
heartbleed - why do you flip then give me a skip beat sign

Piddle dee pat - and sing to me love stories
and bring to me love’s glories

Heartbleed - why do you miss when my baby kisses me


Hmm clearly it IS vulnerable!

"Yea, some dude came in and was normal for first couple months, so I gave him director." - Sean Dunaway

"A singular character could be hired to penetrate another corps space... using gorilla like tactics..." - Chane Morgann

Vipre Morte
Team JK
#8 - 2014-04-09 16:26:04 UTC
I wonder why nobody just tested it? There's an open exploit out there. I just tested against forums.eveonline.com and gate.eveonline.com and it showed that neither were susceptible to the attack.
Crasniya
Center for Advanced Studies
Gallente Federation
#9 - 2014-04-09 16:28:17 UTC
Vipre Morte wrote:
I wonder why nobody just tested it? There's an open exploit out there. I just tested against forums.eveonline.com and gate.eveonline.com and it showed that neither were susceptible to the attack.


Because this might actually be considered a bannable offense, even if done for whitehat reasons.

But yeah, CCP runs Microsoft, and the Heartbleed bug is a Linux exploit.

Soraya Xel - Council of Planetary Management 1 - soraya@biomassed.net

Lucretia DeWinter
Sebiestor Tribe
Minmatar Republic
#10 - 2014-04-09 16:34:58 UTC  |  Edited by: Lucretia DeWinter
Crasniya wrote:
Vipre Morte wrote:
I wonder why nobody just tested it? There's an open exploit out there. I just tested against forums.eveonline.com and gate.eveonline.com and it showed that neither were susceptible to the attack.


Because this might actually be considered a bannable offense, even if done for whitehat reasons.

But yeah, CCP runs Microsoft, and the Heartbleed bug is a Linux exploit.


The po-po also consider this a crime. Be careful with this stuff.
Herzog Wolfhammer
Sigma Special Tactics Group
#11 - 2014-04-09 16:38:39 UTC
Vipre Morte wrote:
I wonder why nobody just tested it? There's an open exploit out there. I just tested against forums.eveonline.com and gate.eveonline.com and it showed that neither were susceptible to the attack.



I can confirm this.

And no the test itself is not a hack or attempted hacking if anybody is wondering. It's just a simple client "hello" request to a server that OpenSSL was responding to with too large a buffer and that buffer, derived from a pointer to memory, could be filled with information - any information - that could randomly contain login credentials.

I spent much of yesterday patching servers because of this.


This week, give your system administrators a hug. They'll need it.

Bring back DEEEEP Space!

Crasniya
Center for Advanced Studies
Gallente Federation
#12 - 2014-04-09 16:42:04 UTC
Herzog Wolfhammer wrote:
This week, give your system administrators a hug. They'll need it.


Your system administrators actually likely need a hug every week.

Soraya Xel - Council of Planetary Management 1 - soraya@biomassed.net

handige harrie
Vereenigde Handels Compagnie
#13 - 2014-04-09 16:54:49 UTC
Alyth Nerun
Foundation for CODE and THE NEW ORDER
#14 - 2014-04-09 17:10:05 UTC
They don't actually use real enterprise grade operating systems like Linux.
Dinsdale Pirannha
Pirannha Corp
#15 - 2014-04-09 18:00:34 UTC
Herzog Wolfhammer wrote:
Vipre Morte wrote:
I wonder why nobody just tested it? There's an open exploit out there. I just tested against forums.eveonline.com and gate.eveonline.com and it showed that neither were susceptible to the attack.



I can confirm this.

And no the test itself is not a hack or attempted hacking if anybody is wondering. It's just a simple client "hello" request to a server that OpenSSL was responding to with too large a buffer and that buffer, derived from a pointer to memory, could be filled with information - any information - that could randomly contain login credentials.

I spent much of yesterday patching servers because of this.


This week, give your system administrators a hug. They'll need it.


So are you saying the Eve site is OK?
I was hoping CCP would give some kind of response.
Serene Repose
#16 - 2014-04-09 18:19:46 UTC
No. (Subject line question.)
Yes. (OP body question.)

(Still using anti-virus software? CHICKEN!)

We must accommodate the idiocracy.

Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#17 - 2014-04-09 18:20:03 UTC
Dinsdale Pirannha wrote:
Herzog Wolfhammer wrote:
Vipre Morte wrote:
I wonder why nobody just tested it? There's an open exploit out there. I just tested against forums.eveonline.com and gate.eveonline.com and it showed that neither were susceptible to the attack.



I can confirm this.

And no the test itself is not a hack or attempted hacking if anybody is wondering. It's just a simple client "hello" request to a server that OpenSSL was responding to with too large a buffer and that buffer, derived from a pointer to memory, could be filled with information - any information - that could randomly contain login credentials.

I spent much of yesterday patching servers because of this.


This week, give your system administrators a hug. They'll need it.


So are you saying the Eve site is OK?
I was hoping CCP would give some kind of response.



We're saying that CCP don't use (in general) the software that's vulnerable. (store.eve.com is. But it's run by different people. And the auth wouldn't expose your eve password)

Woo! CSM XI!

Fuzzwork Enterprises

Twitter: @fuzzysteve on Twitter

Dinsdale Pirannha
Pirannha Corp
#18 - 2014-04-09 18:24:06 UTC
Steve Ronuken wrote:
Dinsdale Pirannha wrote:
Herzog Wolfhammer wrote:
Vipre Morte wrote:
I wonder why nobody just tested it? There's an open exploit out there. I just tested against forums.eveonline.com and gate.eveonline.com and it showed that neither were susceptible to the attack.



I can confirm this.

And no the test itself is not a hack or attempted hacking if anybody is wondering. It's just a simple client "hello" request to a server that OpenSSL was responding to with too large a buffer and that buffer, derived from a pointer to memory, could be filled with information - any information - that could randomly contain login credentials.

I spent much of yesterday patching servers because of this.


This week, give your system administrators a hug. They'll need it.


So are you saying the Eve site is OK?
I was hoping CCP would give some kind of response.



We're saying that CCP don't use (in general) the software that's vulnerable. (store.eve.com is. But it's run by different people. And the auth wouldn't expose your eve password)


OK, thanks.
And yes, you were one of the people I voted for.
Please don't turn out to be one of the null sec plants who hates high sec.
Desivo Delta Visseroff
The Scope
Gallente Federation
#19 - 2014-04-09 18:59:44 UTC
KuroVolt wrote:
I DON'T KNOW WHAT WE ARE TALKING ABOUT BUT I FOR ONE AM FREAKING OUT MAN!


When in confusion or in doubt, run in circles, scream and shout

~ Desivo Delta Visseroff

I was hunting for sick loot, but all I could get my hands on were 50 corpses[:|]..............[:=d]

Lugia3
Federal Navy Academy
Gallente Federation
#20 - 2014-04-09 19:54:08 UTC
Desivo Delta Visseroff wrote:
KuroVolt wrote:
I DON'T KNOW WHAT WE ARE TALKING ABOUT BUT I FOR ONE AM FREAKING OUT MAN!


When in confusion or in doubt, run in circles, scream and shout

~ Desivo Delta Visseroff

Do you have doubt?

Use C4.

"CCP Dolan is full of shit." - CCP Bettik
