Log inRegister an accountBrowse CSDbHelp & documentationFacts & StatisticsThe forumsAvailable RSS-feeds on CSDbSupport CSDb Commodore 64 Scene Database
You are not logged in - nap
CSDb User Forums


Forums > CSDb Feedback > "HeartBleed"
2014-04-10 07:44
Conrad

Registered: Nov 2006
Posts: 856
"HeartBleed"

So I was reading some news this morning about this so-called "Heartbleed" bug, which would try to decrypt your account passwords when you log in.
Out of interest I put in the CSDB website (both the .dk and .c64.org domains) in the checker tool provided by LastPass (https://lastpass.com/heartbleed), and reports that
the CSDB website is vulnerable to the bug due to using OpenSSL.

Even though this site is proned to this bug, do any of you reckon that it won't pay the cost of losing a lot of data on this website? At the
end of the day, this is a small community compared to Facebook, Google+ etc.
2014-04-10 07:46
Shine

Registered: Jul 2012
Posts: 387
Very interesting!
2014-04-10 08:11
Burglar

Registered: Dec 2004
Posts: 1137
the check linked by conrad is probably incorrect. afaik openssl 0.9.8 is *not* vulnerable.
2014-04-10 08:32
lemming

Registered: Oct 2009
Posts: 44
Yup, Burglar is right, 0.9.8-series is ok.
Also http://filippo.io/Heartbleed/#csdb.dk
2014-04-10 14:11
scout

Registered: Dec 2002
Posts: 1578
All you want to know about the Hearbleed bug, which OpenSSL versions are vulnerable and which are not: http://heartbleed.com/

Also, use the link Lemming posted and not that lastpass thing.

Off to re-create some private keys...Bye! :D
2014-04-10 14:13
Beastifire
Account closed

Registered: Mar 2013
Posts: 40
So who will code the first C64 SSL implementation? :)
2014-04-11 08:43
Perff
Administrator

Posts: 1684
I learned about this bug yesterday and found CSDb to be unaffected, so didn't think more about it. :)
2014-04-11 13:03
Sith
Account closed

Registered: Jul 2013
Posts: 17
I hardly think any professional hackers would be bothered hacking into a website about us old farts enjoying our beloved old computer anyway. It is not profitable to them. :)

They will target any site that involves financial transactions and inputting credit card data though.
2014-04-11 16:40
chatGPZ

Registered: Dec 2001
Posts: 11510
uh. it doesnt work like that. they are using scripts that attack whatever site, and what they are after are simply login credentials - because chances are high you used them elsewhere too.
2014-04-12 06:43
Peacemaker

Registered: Sep 2004
Posts: 279
this server IS not vulnerable. just checked it with my script :>
2014-04-12 22:52
Perff
Administrator

Posts: 1684
Good to get it confirmed. :)
RefreshSubscribe to this thread:

You need to be logged in to post in the forum.

Search the forum:
Search   for   in  
All times are CET.
Search CSDb
Advanced
Users Online
REBEL 1/HF
Krill/Plush
Guests online: 396
Top Demos
1 Next Level  (9.7)
2 13:37  (9.7)
3 Codeboys & Endians  (9.7)
4 Mojo  (9.6)
5 Coma Light 13  (9.6)
6 Edge of Disgrace  (9.6)
7 Signal Carnival  (9.6)
8 Uncensored  (9.5)
9 Wonderland XIV  (9.5)
10 No Bounds  (9.5)
Top onefile Demos
1 Nine  (9.7)
2 Layers  (9.6)
3 Cubic Dream  (9.6)
4 Party Elk 2  (9.6)
5 Copper Booze  (9.5)
6 Scan and Spin  (9.5)
7 Onscreen 5k  (9.5)
8 Grey  (9.5)
9 Dawnfall V1.1  (9.5)
10 Rainbow Connection  (9.5)
Top Groups
1 Artline Designs  (9.3)
2 Booze Design  (9.3)
3 Oxyron  (9.3)
4 Performers  (9.3)
5 Censor Design  (9.3)
Top Webmasters
1 Slaygon  (9.7)
2 Perff  (9.6)
3 Sabbi  (9.5)
4 Morpheus  (9.4)
5 CreaMD  (9.1)

Home - Disclaimer
Copyright © No Name 2001-2025
Page generated in: 0.042 sec.