Please let us know by Stickies at the top of every Forum when it is time for us all to change our Password here on the Dope.
I’m wondering how the powers that be at the Dope will know if the Heartbleed hack is a problem.
Doesn’t look like SDMB uses SSL (no password icon, no HTTPS: in the address), so my guess is that there is nothing to fix.
ETA a late: No [del]password[/del] lock icon
Ignorance fought.
Thank you very much.
Of course, the failure to use SSL when credentials are passed means that your SDMB username and password are theoretically vulnerable to a man-in-the-middle interception.
But that has nothing to do with Heartbleed.
Or, to put it slightly differently, do not ever make your SDMB password the same as the password to any system you care about (e.g. banking, on-line ordering, e-mail, etc.). The same applies to any other non-HTTPS system. You really shouldn’t duplicate passwords on any important systems, but it becomes even more critically important in this case.
Krebs is a daily blogger covering security and cybercrime. James Fallows is a trustworthy journalist who also covers intermediate computing.
Longer primer:
I wouldn’t go that far; that’s kind of true, but also kind of misleading. The security claims at the SDMB basically boil down to, “We’re not that secure, but no one really gives a damn. Possibly contrary to your expectations, the hackers of the world are not all that interested in cracking your SDMB login. We’re safe enough for any informed and reasonable person.” And that’s all true. Just don’t use the same password and username here and somewhere else.
I should point out that I’m talking about the regular message board operations, and have nothing to say about the credit card payment operations. (Sorry, SDMB operators.) I’ve never looked at the payment part of the boards.
The Heartbleed problem is different. These sites said, “We’re secure. We’re very secure. Trust us, no one can see your private information.” They were wrong, albeit somewhat indirectly so, in that no one could target you specifically, but they could still gather supposedly private information from the sites affected.
Basically, security on the SDMB doesn’t rise high enough to be compromised by Heartbleed until this link works: https://boards.straightdope.com