Hi everyone. This is a short public service announcement regarding the recently discovered
Heartbleed security bug. Basically, the bug allows any attacker in
no special position at all to eavesdrop on random parts of random https connections. A large number of internet services were affected, and if you e.g. logged into one of them recently, an attacker might have eavesdropped on your login and password.
It's not known if any services have been attacked like this and by whom, but it's likely that it happened at least in some places after the bug was published a few days ago. So, best change your passwords everywhere. Yaaay!
However, I can assure you that your forum account is safe from this bug, because we don't use https. That's right, we don't encrypt your connection, so your password is safe! Except from that neighbor in your WiFi network. Or your ISP. Or the intelligence services. Basically, anyone who could directly see the data flow between your PC and ganggarrison.com. But ironic as it is, that might still be more secure than a Heartbleed-affected https, because that can leak your password to an attacker anywhere on the internet.
Since we outsourced our website to Shutter Research, I'd like to pass on the press statement of their CEO:
We here at Shutter Research don't believe in all that security junk. We just put our code chimps in cages and call it a day. Looks like it saved our trousers this time!
Author
Topic: On the heartbleed security bug (Read 12769 times)
