DecapitatingJim Posted April 8, 2014 Share Posted April 8, 2014 (edited) http://heartbleed.com/ Wondering how many people know about this? I found out not too long ago. Should I be worried about my Warframe account? D: Also Valve said you should probably change your Steam password. Edited April 8, 2014 by DecapitatingJim Link to comment Share on other sites More sharing options...
blackgu4rd Posted April 8, 2014 Share Posted April 8, 2014 The site and forum are protected, but the API is not. http://filippo.io/Heartbleed/#ToS violation Link to comment Share on other sites More sharing options...
DecapitatingJim Posted April 8, 2014 Author Share Posted April 8, 2014 (edited) Are the Devs aware of this? Should I be worried? XD Edited April 8, 2014 by DecapitatingJim Link to comment Share on other sites More sharing options...
Thundervision Posted April 8, 2014 Share Posted April 8, 2014 I sent a message to Rebecca right before this thread, lol. Link to comment Share on other sites More sharing options...
DecapitatingJim Posted April 8, 2014 Author Share Posted April 8, 2014 I sent a message to Rebecca right before this thread, lol. Awesome. Mind Pm'ming me her reply? I'm really curious about it but don't want to bother them XD Link to comment Share on other sites More sharing options...
Archistopheles Posted April 8, 2014 Share Posted April 8, 2014 I'm too dumb to understand this. How scared should I be? Link to comment Share on other sites More sharing options...
blackgu4rd Posted April 8, 2014 Share Posted April 8, 2014 Not too scared. But I'd advise not logging into the game until this vulnerability is fixed. Link to comment Share on other sites More sharing options...
DecapitatingJim Posted April 8, 2014 Author Share Posted April 8, 2014 (edited) I'm too dumb to understand this. How scared should I be? Every website that uses OpenSSL as a form of encryption (Which is pretty much every website in existence) is considered compromised. Including Bank accounts. Most sites have been able to patch it out, but yeah. Not massively scared but do be a little cautious. Edited April 8, 2014 by DecapitatingJim Link to comment Share on other sites More sharing options...
Thundervision Posted April 8, 2014 Share Posted April 8, 2014 Awesome. Mind Pm'ming me her reply? I'm really curious about it but don't want to bother them XD Sure. When she will read it. Or maybe DE will post something here. Link to comment Share on other sites More sharing options...
Cpl_Facehugger Posted April 8, 2014 Share Posted April 8, 2014 Every website that uses OpenSSL as a form of encryption (Which is pretty much every website in existence) is considered compromised. Including Bank accounts. Most sites have been able to patch it out, but yeah. Not massively scared but do be a little cautious. Basically, change your passwords (when you're sure the site has patched it out, that is) and keep an eye on your bank/credit card statements for weird charges. Link to comment Share on other sites More sharing options...
DecapitatingJim Posted April 8, 2014 Author Share Posted April 8, 2014 (edited) Sure. When she will read it. Or maybe DE will post something here. Appreciate it. If DE do make a statement, stick a link in here would ya? I might not notice it since I don't browse too much on the forums. Basically, change your passwords (when you're sure the site has patched it out, that is) and keep an eye on your bank/credit card statements for weird charges. I know Tumblr is working on it. Valve have patched it out. Not sure about other sites. A new version of OpenSSL has been released that removes the exploit, but no idea how many sites have used it so far. Edited April 8, 2014 by DecapitatingJim Link to comment Share on other sites More sharing options...
blackgu4rd Posted April 8, 2014 Share Posted April 8, 2014 I would consider it a problem only if you logged in/used their services in the timeframe between the exploit being made public and being patched. And changing your password while the vulnerability is there won't help anything. Link to comment Share on other sites More sharing options...
DecapitatingJim Posted April 8, 2014 Author Share Posted April 8, 2014 (edited) I would consider it a problem only if you logged in/used their services in the timeframe between the exploit being made public and being patched. And changing your password while the vulnerability is there won't help anything. Yeah, still it's nice to play safe. So be as well changing once it's been patched out of wherever. Edited April 8, 2014 by DecapitatingJim Link to comment Share on other sites More sharing options...
Da_Spadger Posted April 9, 2014 Share Posted April 9, 2014 I went ahead and sent a ticket asking about this whole Heartbleed and API server thing. I'll edit this post and include the reply when I receive it. Link to comment Share on other sites More sharing options...
DecapitatingJim Posted April 9, 2014 Author Share Posted April 9, 2014 (edited) Thank ya, appreciate it. Also damn you for having Da in at the beginning of your name, I misread and thought it was a DE reply. XD Edited April 9, 2014 by DecapitatingJim Link to comment Share on other sites More sharing options...
Archistopheles Posted April 9, 2014 Share Posted April 9, 2014 My secured work PC is saying the Warframe.com security cert is expired... Is that part of this thing? Link to comment Share on other sites More sharing options...
blackgu4rd Posted April 9, 2014 Share Posted April 9, 2014 (edited) My secured work PC is saying the Warframe.com security cert is expired... Is that part of this thing? It's likely that DE is getting new certs along with updating OpenSSL. EDIT: Redtext just popped up. They're patching it right now. Edited April 9, 2014 by blackgu4rd Link to comment Share on other sites More sharing options...
DecapitatingJim Posted April 9, 2014 Author Share Posted April 9, 2014 Have a screenshot of the red-text thing by any chance? Link to comment Share on other sites More sharing options...
Da_Spadger Posted April 9, 2014 Share Posted April 9, 2014 (edited) I just got a reply from support saying that the issue has been fixed. EDIT: No new patch when starting the launcher. Would a client patch be needed, even? EDIT2: http://filippo.io/Heartbleed/#ToS violation All good, it seems. :D Edited April 9, 2014 by Da_Spadger Link to comment Share on other sites More sharing options...
Archistopheles Posted April 9, 2014 Share Posted April 9, 2014 So now's the time to reset our passwords? Link to comment Share on other sites More sharing options...
Da_Spadger Posted April 9, 2014 Share Posted April 9, 2014 I guess it is! Link to comment Share on other sites More sharing options...
blackgu4rd Posted April 9, 2014 Share Posted April 9, 2014 Have a screenshot of the red-text thing by any chance? Nope, sorry. Anyway, /thread Link to comment Share on other sites More sharing options...
Recommended Posts