Jump to content

  • Log in with Facebook Log in with Twitter Log In with Google      Sign In   
  • Create Account

Welcome to BZPower!

Hi there, while we hope you enjoy browsing through the site, there's a lot more you can do if you register. The process is easy and you can use your Google, Facebook, or Twitter account to make it even faster. Some perks of joining include:
  • Create your own topics, participate in existing discussions, and vote in polls
  • Show off your creations, stories, art, music, and movies and play member and staff-run games
  • Enter contests to win free LEGO sets and other prizes, and vote to decide the winners
  • Participate in raffles, including exclusive raffles for new members, and win free LEGO sets
  • Send private messages to other members
  • Organize with other members to attend or send your MOCs to LEGO fan events all over the world
  • Much, much more!
Enjoy your visit!

Photo

Heartbleed Virus


  • This topic is locked This topic is locked
10 replies to this topic

#1 Offline Mr. House

Mr. House
  • Members
  • Ice Warrior Defeated

  • 2,983 posts
  •  

Posted Apr 12 2014 - 02:25 PM

Is BZP effected by this virus?


  • 0
"But autocracy? Firm control in the hands of a technological and economic visionary? Yes, that Vegas shall have." -Robert House

 

BZPRPG 2014 Profiles

Tarotrix-Aryll Vudigg-Larikon Torchbearer-Jorruk YokinMons Shajs-Senavysh Angavur-Vulunos-Shivada-Sukot urn Voyuk-Arvun-Iolatra-Mahane

The Brotherhood of Ak'rei'an- Want zombies? Want to play a religiously fanatical maniac? Well if so, join the BZPRPG's premier cult!

Want a clan of horse-riding Bio-Nomads? PM me to get your Taajar clan approved!  

 

 


#2 Online ~Shockwave~

~Shockwave~
  • Premier Member
  • Premier Outstanding BZP Citizens
  • Emerging Fluidic Master

  • 1,207 posts
  •   Outstanding BZPower Citizen

Posted Apr 12 2014 - 02:31 PM

It's not really a virus.

But I don't believe so. I think it only comprimised Https sites.

  • 0

fs_overall.png

3DS Freind Code: 1693-0634-1082 Name: Joey

I also have Mario Kart 7, Animal Crossing: New Leaf, Pokemon Y and Kid Icarus: Uprising

PM me to add me. 

Steam profile

Click here for the BZP Destiny Group


#3 Offline Reznas

Reznas
  • Premier Member
  • Premier Members
  • Emerging Ice Warrior

  • 1,805 posts
  •  

Posted Apr 12 2014 - 02:35 PM

It's a security vulnerability with SSL protocol. It only applies to sites that use SSL protocol, which is what https:// signifies (as Shockwave mentioned already). Since BZP is not under such a security protocol, there's nothing to worry about. 

 

-Rez

 

EDIT: If you're worried, just change you password and make sure that your BZPower password isn't identical to your passwords on other sites. If your passwords are compromised on a site vulnerable to Heartbleed, those passwords can be used to log into any user account you have, assuming you use identical passwords for each website. But the chances of a hacker choosing to compromise your BZP account are slim.


Edited by Reznas, Apr 12 2014 - 02:38 PM.

  • 0

rc_banner.png


#4 Offline Meiko

Meiko
  • Premier Member
    BioniLUG Member
  • Premier Outstanding BZP Citizens
  • Nuhvok-Kal Attacks!

  • 3,063 posts
  •   Outstanding BZPower Citizen

Posted Apr 12 2014 - 03:49 PM

BZPower runs on CloudFlare, and CloudFlare patched the issue a week before it was announced publicly. BZPower is safe, especially since BZPower has no TCP or UDP connections that run on SSL. (e.g. FTPS or HTTPS)


  • 0
--
Meiko
News reporter and database administrator at Brickset (profile)
Administrator at Brickipedia (profile)
Former administrator at BIONICLEsector01 (profile)
MediaWiki developer (profile)
 
DISCLAIMER: All opinions and contributions made under this account are based solely on my own personal thoughts and opinions, and in no way represent any of the above groups/entities. If you have any concerns or inquiries about the contributions made under this account, please contact me individually and I will address them with you to the best of my ability.

#5 Offline Gatanui

Gatanui
  • Reporters
  • Senior News Finder

  • 11,019 posts
  •   BZP Reporter

Posted Apr 12 2014 - 04:28 PM

It's a security vulnerability with SSL protocol. It only applies to sites that use SSL protocol, which is what https:// signifies (as Shockwave mentioned already). Since BZP is not under such a security protocol, there's nothing to worry about. 
 
-Rez
 
EDIT: If you're worried, just change you password and make sure that your BZPower password isn't identical to your passwords on other sites. If your passwords are compromised on a site vulnerable to Heartbleed, those passwords can be used to log into any user account you have, assuming you use identical passwords for each website. But the chances of a hacker choosing to compromise your BZP account are slim.

Actually, only the OpenSSL implementation of the SSL protocol is affected. Unfortunately, the majority of the sites with SSL do use OpenSSL, but there are also other implementations which are not affected by this vulnerability. And it's indeed not a virus. In fact, this has nothing to do with viruses at all.

-Gata signoff.png

  • 0
Please don't use my avatar without permission, thanks ^_^

#6 Offline Reznas

Reznas
  • Premier Member
  • Premier Members
  • Emerging Ice Warrior

  • 1,805 posts
  •  

Posted Apr 12 2014 - 04:47 PM

Yeah, sorry. Forgot to add the "Open" part. :P Oh, well. BZPower's not affected, so I guess it doesn't matter so much.

 

-Rez


  • 0

rc_banner.png


#7 Online Voxumo

Voxumo
  • Premier Member
    BioniLUG Member
  • Premier Members
  • The Shadow Reaper

  • 3,240 posts
  •  

Posted Apr 12 2014 - 07:47 PM

Wait.. what is Heartbleed Virus?


  • 0

BZPRPG CHARACTERS

Syvra-Tivanu-Vrina-Voulge-Kidona-Chivinix-Celis-Darvin-Draeverian 'DJ'-

Home Grown Alaskan Sprites. Your one-stop shop for the most organic sprites

"Nightmares cease to exist when you come to the realization that even they can be an escape from the horrors of reality. Afterall you can wake up from a nightmare, but never can you wake up from reality."


#8 Offline Meiko

Meiko
  • Premier Member
    BioniLUG Member
  • Premier Outstanding BZP Citizens
  • Nuhvok-Kal Attacks!

  • 3,063 posts
  •   Outstanding BZPower Citizen

Posted Apr 12 2014 - 08:34 PM

Wait.. what is Heartbleed Virus?

The Heartbleed Bug (not a virus at all) is a vulnerability in OpenSSL, a piece of software used by millions of websites that is used to keep the web secure. SSL is a protocol in computer systems that secures data as it is transferred, but this vulnerability made it possible for attackers to get bits of data transfers (called "packets") that could contain potentially sensitive information. Here are some links with more information:


Edited by Meiko, Apr 12 2014 - 08:36 PM.

  • 0
--
Meiko
News reporter and database administrator at Brickset (profile)
Administrator at Brickipedia (profile)
Former administrator at BIONICLEsector01 (profile)
MediaWiki developer (profile)
 
DISCLAIMER: All opinions and contributions made under this account are based solely on my own personal thoughts and opinions, and in no way represent any of the above groups/entities. If you have any concerns or inquiries about the contributions made under this account, please contact me individually and I will address them with you to the best of my ability.

#9 Online Voxumo

Voxumo
  • Premier Member
    BioniLUG Member
  • Premier Members
  • The Shadow Reaper

  • 3,240 posts
  •  

Posted Apr 12 2014 - 09:23 PM

 

Wait.. what is Heartbleed Virus?

The Heartbleed Bug (not a virus at all) is a vulnerability in OpenSSL, a piece of software used by millions of websites that is used to keep the web secure. SSL is a protocol in computer systems that secures data as it is transferred, but this vulnerability made it possible for attackers to get bits of data transfers (called "packets") that could contain potentially sensitive information. Here are some links with more information:

 

Ah... Ok thank you for explaining this.. makes more sense


  • 0

BZPRPG CHARACTERS

Syvra-Tivanu-Vrina-Voulge-Kidona-Chivinix-Celis-Darvin-Draeverian 'DJ'-

Home Grown Alaskan Sprites. Your one-stop shop for the most organic sprites

"Nightmares cease to exist when you come to the realization that even they can be an escape from the horrors of reality. Afterall you can wake up from a nightmare, but never can you wake up from reality."


#10 Offline GSR

GSR
  • Premier Member
  • Premier Forum Leaders
  • Book Badger

  • 1,032 posts
  •   BZP Leader

Posted Apr 12 2014 - 09:25 PM

Meiko, Gata, and Rez have explained things fairly well.  BZP, to my knowledge, doesn't use SSL anywhere on the site, and so should not be affected.  (Payments for store purchases are handled through PayPal's servers, not BZP's - and PayPal has stated they were not effected by the bug.)

 

For a list of major sites that have been affected, I'd recommend this article

 

In general, most affected sites should have updated their OpenSSL software to patch the bug by now, but a good strategy to follow is to change your password on affected site after the vulnerability has been patched.  If you've been reusing your password on multiple sites - well, that's not a very good idea to begin with, but you'll want to change all of those.

 

If I'm misunderstanding something about BZP's use of SSL, and we have been affected, I'm sure Black Six'll reopen this topic and provide clarification.  Otherwise, for now - looks like things are all answered, so I'll close the topic for the moment.


Edited by GSR, Apr 12 2014 - 09:28 PM.

  • 1

#11 Offline Black Six

Black Six
  • BioniLUG Member
  • BZPower Administrators
  • Lego Ambassador

  • 12,129 posts
  •   BZP Staff

Posted Apr 13 2014 - 08:44 AM

GSR and others were correct - BZPower was not impacted by this bug as we do not use OpenSSL on the site.
  • 4




0 user(s) are browsing this forum

0 members, 0 guests, 0 anonymous users