Good thing Seabreeze doesn't use https......

Freaky .. an amazing hole that has existed for almost two years!

Seabreeze does use "https", but we don't/haven't used the library that has the flaw..

From what I've read, a hacker can send a simple 1 byte request to any linux based server (which hasn't been patched), and the server will send back a random 64,000 bytes of it's internal memory.

Lots of requests = lots of data, and at some point, the hacking will gleen something, such as passwords, credit cards, etc...

Sigh ...

laurie said..
Freaky .. an amazing hole that has existed for almost two years!

If you a the NSA (or any other three letter agency) maybe it's more of a feature...

Aww shucks - not I have to move this thread to heavy weather. lol

SO if we've bought anything via CC on SB do we need to worry..Just looking for the short answer

Mark _australia said..

OMG only me and now THREE nerds here. I feel like Penny in Big Bang Theory. Actually, no....
nevermind.

i feel like penny in big bang theory also. Got her number?

I'm not sure that this really changes anything.

There are any number of credit card number generators out there.

The reality is that you need to read your credit card statements every single month and account for every line item, particularly in the $20-$99 range, as this is often targeted to avoid arousing suspicion.

Visa / Mastercard repay any and every fraudulent transaction - it's the cheapest option for them.
Sometimes it takes time but you can always recover the money eventually.

jbshack said..

SO if we've bought anything via CC on SB do we need to worry..Just looking for the short answer

No. Seabreeze was NOT affected by it.

And.. NO credit card numbers are stored on our servers.

Throw that card out. Just tried to get a new kite, it declined

SpaceCoyote said..

Throw that card out. Just tried to get a new kite, it declined

that can't be right. the royal nigerian credit card inspection company checked it for me only this afternoon (i was lucky enough to be selected for a special online discount- it only cost me $50 to have it checked)

Something that I got email to me~

From McAfee Security systems

Consumer Threat Alerts:

Recently, a major security vulnerability named "Heartbleed" has made headlines around the world. This is a severe vulnerability stemming from a coding mistake in a widely-used security utility called OpenSSL.

The bug affects the encryption technology designed to protect your sensitive data on the Internet, like usernames, passwords and emails.

This is a flaw in the OpenSSL encryption code, not a virus that can be stopped by McAfee or other consumer security software. Because this vulnerability takes advantage of servers, and not consumer devices, businesses need to update to the latest version of OpenSSL to mitigate and address the dangers posed.

McAfee is currently in the process of auditing all of our services, and the services provided by our partners, for any dangers posed by Heartbleed. If there is any instance that the vulnerable version of OpenSSL is in use we will remediate with the utmost urgency.

The severity of the Heartbleed vulnerability cannot be overstated: several major enterprises use OpenSSL, and are likely affected by this vulnerability as well. The dangers posed by this vulnerability are very real and could affect you if exploited.

So what do you need to do?
?Right now, the best thing you can do is wait to be notified about affected services and patches or you can investigate this list provided by Mashable that has some well known brands listed.
?If you'd like to investigate whether or not a website you frequent has been affected, you can use this tool.
?Reset your password for every online service affected by Heartbleed. But beware: you should only change your password after the afflicted business has fixed its servers to remove the Heartbleed vulnerability. Changing your passwords before a company's servers are updated will not protect your credentials from being leaked.
?For additional details, please click here.
We at McAfee apologize for any inconvenience this may cause you. We will be contacting you again as we update our services that use OpenSSL.

Thank you for your time, and safe surfing.

Sincerely,

Gary Davis