Security Threat: The Heart Bleed bug

[NPer]

Web users, beware. There's a new security bug that has been discovered and is described to be "one of the greatest threats to ever surface the World Wide Web," according to The Clock Online.

The bug, nicknamed "Heart Bleed," was discovered on Monday by Google and Codenomicon engineers, but has allegedly been around the Internet for about two years now.

Heart Bleed poses a huge threat to consumers as it compromises sensitive personal consumer information and its attackers are untraceable.

http://www.latinpost.com/articles/1...bug-found-by-google-exposes-internet-data.htm

I've received several emails from different services requesting me to change my password. I've received emails from Dynadot, ResellerClub, Domaintools etc, and hosting companies to change my password.

 

[CoolRev]

I have received countless emails today from my domain & hosting providers to reset my passwords but they said more about a bug in OpenSSL that could have compromised personal info ,etc or something like that.

-CR

 

[mis_chiff]

Received a Dynadot request for a password change too, how do we know if we have it?

 

[NPer]

Received a Dynadot request for a password change too, how do we know if we have it?

You definitely were affected by it, if you've received an email saying this. The platform/service was affected by this bug which went undetected for so long- 2 years. That's why we've received that Dynadot email.

Every service affected is probably asking their customers to change their passwords before whoever it was that created bug, enters their account and does all sorts of things.

Godaddy didn't send one (yet?)... maybe they were not affected by this bug.

 

[McDuke]

Godaddy didn't send one (yet?)... maybe they were not affected by this bug.

or maybe they have the antidote! The plot thickens... dun dun dunnn

 

[NPer]

or maybe they have the antidote! The plot thickens... dun dun dunnn

Perhaps, but even so, if the password for an account is the same as it was before the bug was fixed, then that account could still be at risk.

Maybe GD is fine after-all?

 

[Ms Domainer]

*

Two different people at Go Daddy says they are okay for domain accounts.

But they suggest changing your hosting account password.

*

 

[enlytend]

List of major sites which were affected:
http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

 

[Kate]

Nodaddy apparently is hosted on a micro$oft iis platform, so not affected by the openssl bug

 

[alien51]

How about NP?

 

[Kate]

Reportedly safe.

 

[TalkDevelopment]

I have updated all certs on my servers and have updated everything but over the last few days and mostly since last night one of my servers has been getting hit very hard with bruteforce attempts at root and dos as well. I do not know if it is related but wow.. In the 4 years I have had these dedicated servers I have never experienced such a wide spread attack.

I finally manged to get things under control for the most part using the firewall and some other scripts and tools but my server was bogged down all night last night and even the session directory was maxed out.

One of the easiest ways to secure yourself for this is to change your passwords and use a decent password generator. If your information was on a compromised site you will be safe.

I don't know if it is coincidence but boy was I scared.

 

[enlytend]

I have updated all certs on my servers and have updated everything but over the last few days and mostly since last night one of my servers has been getting hit very hard with bruteforce attempts at root and dos as well. I do not know if it is related but wow.. In the 4 years I have had these dedicated servers I have never experienced such a wide spread attack.

I don't think it's related, but there's been a lot of that going around.

 

[Kate]

I have updated all certs on my servers and have updated everything but over the last few days and mostly since last night one of my servers has been getting hit very hard with bruteforce attempts at root and dos as well. I do not know if it is related but wow.. In the 4 years I have had these dedicated servers I have never experienced such a wide spread attack.

Same here. A lot of attacks, more than usual.

 

[Name Trader]

I just received an email from Sedo for my 2 accounts there (1 of which I haven't used in years). They didn't mention about the "Heart Bleed" bug. But I assume that was why they wanted me to verify my emails so I could make offers (which I hadn't made). It sounded like a scam, So I checked the urls thoroughly before verifying my emails

Dear xxx,

Thank you for becoming a Sedo member!

In order to submit your offer for you must first verify that the email you provided is a valid email address.

**********************************
Email Confirmation Code: 08f1cbf3
**********************************

Please type this Email Confirmation Code onto the Account Confirmation page that prompted you to this email.

This code will expire soon, so please confirm your account as soon as possible.

If you're not currently on the Account Confirmation page, please click the link below or copy and paste it into your browser window:
http://sedo.com/confirm_account.php?challenge=b63d91cd20ba71459cf49087d784ea23b239cc82&language=e

If you have additional questions please visit support.sedo.com

Best Regards,

Your Sedo Team
Customer Support - UK/International

I changed my passwords immediately, just in case.

 

[mis_chiff]

Careful Who you are verifying!!

I just received an email from Sedo for my 2 accounts there (1 of which I haven't used in years). They didn't mention about the "Heart Bleed" bug. But I assume that was why they wanted me to verify my emails so I could make offers (which I hadn't made). It sounded like a scam, So I checked the urls thoroughly before verifying my emails



I changed my passwords immediately, just in case.

Apparently this was the FAKE one - I guess because all the companies involved are changing stuff
these hackers decided to get in on the changes

I just got this from SEDO - AFTER doing the other one FFS!!!!

Dear wendy,

We wish to inform you that on Saturday, 12th April, the Sedo website was compromised by an unknown intruder through a previously unknown security loophole. This resulted in an unauthorised email with the subject “Confirm your Sedo Account" being sent to a small number of our customers.

Our immediate investigation into the matter has shown that your email address was unfortunately one of those affected. That means that the intruder has got your email address only. NO other data has been compromised, i.e. no passwords or other account information was obtained. The security vulnerability was closed as soon as it was detected and any further unauthorised access was successfully prevented. This means that your Sedo account is safe, and you do not need to take any action to safeguard data stored in your account. Clicking on the link in the unauthorised email has no adverse effects.

If you have any questions we will be happy to help you. Please contact your account manager or visit our customer support center at http://support.sedo.com.

We apologize for any inconvenience this issue may has caused.

Best regards,
Your Sedo Team

Sedo GmbH :: Im Mediapark 6 :: 50670 Cologne :: Germany
fon +49 221.34030.230 :: fax +49 221.34030.102
http://www.sedo.co.uk :: http://support.sedo.co.uk

District Council Cologne HRB 35019
Board of Management: Tobias Flaitz, Axel Hamann

wonder how accommodating they would be if domains were lost/transferred or removed.

happy Monday grrrrrrrr

 

[Name Trader]

How do you know this isn't a fake email also?

 

[NPer]

How do you know this isn't a fake email also?

That was my thoughts as well.

That second email tries to re-assure members that no info was compromised by using that link and following the fake instructions. Why doesn't the email go on to request these users to change their account password as a safety measure? But apparently there is no need to.

No need to worry? That's when you worry! :D

Whoever initiated the first email, could have sent the second one as well to put comprised account holders minds at ease... and hopefully they won't change their password again??

Just my speculative 2 cents.

 

[mis_chiff]

How do you know this isn't a fake email also?

Yeah that crossed my mind too
and rational is they aren't asking me to do anything this time, just informing me on what happened. Stating only the email was compromised, not passwords.

And also , when I got the first email and followed the instructions, I felt right away
that something was amiss because nothing happened.

so I did go back and change it again within minutes of the first time
just to be on the safer side - of what.... I'm not sure

 

[Name Trader]

Better safe than sorry