"Heartbleed" vulnerability plugged.
Moderators: FranklinDM, Lootyhoof
"Heartbleed" vulnerability plugged.
Just to let people know: All of Pale Moon's SSL-enabled services (forum login pages, XMPP server, etc. etc.) have been patched up to prevent exploitation of the heartbleed bug.
Did you know that moral outrage triggers the pleasure centers of the brain? It's unlikely you can actually get addicted to outrage, but there is plausible evidence that you can become strongly predisposed to it.
Source: https://www.bbc.co.uk/programmes/p002w557/episodes/downloads - "The cooperative species" and "Behaving better online"
Source: https://www.bbc.co.uk/programmes/p002w557/episodes/downloads - "The cooperative species" and "Behaving better online"
Re: "Heartbleed" vulnerability plugged.
What about new certs? As I understood, the privatekeys could have been stolen without knowledge.
Re: "Heartbleed" vulnerability plugged.
Most services are protected by Cloudflare (who have been vigilant in starting a staged re-issue immediately after fixing their cloud edge). The ones that aren't, are low priority and new certs will either be issued when the current ones expire (in a few months) or if I move to wildcard certs. before then.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: "Heartbleed" vulnerability plugged.
It's very wise to change your PW.
Not much info, but here. https://lastpass.com/heartbleed/?h=forum.palemoon.org
Ongoing discussion.
Very informative information.
https://bitcointalk.org/index.php?topic=567590.0
Not much info, but here. https://lastpass.com/heartbleed/?h=forum.palemoon.org
Ongoing discussion.
Very informative information.
https://bitcointalk.org/index.php?topic=567590.0
Re: "Heartbleed" vulnerability plugged.
The lastpass "check" doesn't really say anything - And no, I didn't jump on getting new certificates straight away, as said. It's low priority.
If you're worried that your password might have been stolen, you can always change your password (it's enforced once per year anyway), but considering the way the forum is set up, password details for forum logins would not be anywhere near the potentially readable server memory addresses through heartbleed.
If you're worried that your password might have been stolen, you can always change your password (it's enforced once per year anyway), but considering the way the forum is set up, password details for forum logins would not be anywhere near the potentially readable server memory addresses through heartbleed.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
- Night Wing
- Knows the dark side
- Posts: 5172
- Joined: 2011-10-03, 10:19
- Location: Piney Woods of Southeast Texas, USA
Re: "Heartbleed" vulnerability plugged.
If my password for this site would have been compromised, I would have already noticed it a long time ago. I'm not that paranoid because of all the "sky is falling" talk going on with Heartbleed.
Linux Mint 21.3 (Virginia) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
MX Linux 23.2 (Libretto) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Linux Debian 12.5 (Bookworm) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
MX Linux 23.2 (Libretto) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Linux Debian 12.5 (Bookworm) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Re: "Heartbleed" vulnerability plugged.
MozillaUser233 wrote:Not much info, but here. https://lastpass.com/heartbleed/?h=forum.palemoon.org
Holy moly! Pale Moon has been around since the 1970s!The current cert has not been seen before and we have seen older certificates, likely now safe (4 decades ago)
Re: "Heartbleed" vulnerability plugged.
Note: The forum is running on an OpenSSL version that was never vulnerable (0.9.8 branch) so nothing could have been compromised.
It's still a good idea to change your password if you haven't done so recently, just to be absolutely safe.
It's still a good idea to change your password if you haven't done so recently, just to be absolutely safe.
Did you know that moral outrage triggers the pleasure centers of the brain? It's unlikely you can actually get addicted to outrage, but there is plausible evidence that you can become strongly predisposed to it.
Source: https://www.bbc.co.uk/programmes/p002w557/episodes/downloads - "The cooperative species" and "Behaving better online"
Source: https://www.bbc.co.uk/programmes/p002w557/episodes/downloads - "The cooperative species" and "Behaving better online"