Jump to content

  • Log in with Facebook Log in with Twitter Log In with Google      Sign In   
  • Create Account

Welcome to BZPower!

Hi there, while we hope you enjoy browsing through the site, there's a lot more you can do if you register. The process is easy and you can use your Google, Facebook, or Twitter account to make it even faster. Some perks of joining include:
  • Create your own topics, participate in existing discussions, and vote in polls
  • Show off your creations, stories, art, music, and movies and play member and staff-run games
  • Enter contests to win free LEGO sets and other prizes, and vote to decide the winners
  • Participate in raffles, including exclusive raffles for new members, and win free LEGO sets
  • Send private messages to other members
  • Organize with other members to attend or send your MOCs to LEGO fan events all over the world
  • Much, much more!
Enjoy your visit!

Photo

Heartbleed Virus


  • This topic is locked This topic is locked
10 replies to this topic

#1 Offline Mr. House

Mr. House
  • Members
  • Ice Warrior Defeated

  • 2,944 posts
  •  

Posted Apr 12 2014 - 02:25 PM

Is BZP effected by this virus?


  • 0
"But autocracy? Firm control in the hands of a technological and economic visionary? Yes, that Vegas shall have." -Robert House

 

BZPRPG 2014 Profiles

Tarotrix-Aryll Vudigg-Junyaus-Larikon Torchbearer-Jorruk YokinMons Shajs-Senavysh Angavur-Vulunos-Shivada-Sukot urn Voyuk-Arvun-Iolatra-Mahane

The Brotherhood of Ak'rei'an- Want zombies? Want to play a religiously fanatical maniac? Well if so, join the BZPRPG's premier cult!

Want a clan of horse-riding Bio-Nomads? PM me to get your Taajar clan approved!  

 

 


#2 Online ~Shockwave~

~Shockwave~
  • Premier Member
  • Premier Outstanding BZP Citizens
  • Emerging Fluidic Master

  • 1,206 posts
  •   Outstanding BZPower Citizen

Posted Apr 12 2014 - 02:31 PM

It's not really a virus.

But I don't believe so. I think it only comprimised Https sites.

  • 0

fs_overall.png

3DS Freind Code: 1693-0634-1082 Name: Joey

I also have Mario Kart 7, Animal Crossing: New Leaf, Pokemon Y and Kid Icarus: Uprising

PM me to add me. 

Steam profile

Click here for the BZP Destiny Group


#3 Online Reznas

Reznas
  • Premier Member
  • Premier Members
  • Mata Nuian Protector Nuva

  • 1,779 posts
  •  

Posted Apr 12 2014 - 02:35 PM

It's a security vulnerability with SSL protocol. It only applies to sites that use SSL protocol, which is what https:// signifies (as Shockwave mentioned already). Since BZP is not under such a security protocol, there's nothing to worry about. 

 

-Rez

 

EDIT: If you're worried, just change you password and make sure that your BZPower password isn't identical to your passwords on other sites. If your passwords are compromised on a site vulnerable to Heartbleed, those passwords can be used to log into any user account you have, assuming you use identical passwords for each website. But the chances of a hacker choosing to compromise your BZP account are slim.


Edited by Reznas, Apr 12 2014 - 02:38 PM.

  • 0

rc_banner.png


#4 Offline Meiko

Meiko
  • Premier Member
    BioniLUG Member
  • Premier Outstanding BZP Citizens
  • Nuhvok-Kal Attacks!

  • 3,061 posts
  •   Outstanding BZPower Citizen

Posted Apr 12 2014 - 03:49 PM

BZPower runs on CloudFlare, and CloudFlare patched the issue a week before it was announced publicly. BZPower is safe, especially since BZPower has no TCP or UDP connections that run on SSL. (e.g. FTPS or HTTPS)


  • 0
--
Meiko
News reporter and database administrator at Brickset (profile)
Administrator at Brickipedia (profile)
Former administrator at BIONICLEsector01 (profile)
MediaWiki developer (profile)
 
DISCLAIMER: All opinions and contributions made under this account are based solely on my own personal thoughts and opinions, and in no way represent any of the above groups/entities. If you have any concerns or inquiries about the contributions made under this account, please contact me individually and I will address them with you to the best of my ability.

#5 Offline Gatanui

Gatanui
  • Reporters
  • Senior News Finder

  • 10,976 posts
  •   BZP Reporter

Posted Apr 12 2014 - 04:28 PM

It's a security vulnerability with SSL protocol. It only applies to sites that use SSL protocol, which is what https:// signifies (as Shockwave mentioned already). Since BZP is not under such a security protocol, there's nothing to worry about. 
 
-Rez
 
EDIT: If you're worried, just change you password and make sure that your BZPower password isn't identical to your passwords on other sites. If your passwords are compromised on a site vulnerable to Heartbleed, those passwords can be used to log into any user account you have, assuming you use identical passwords for each website. But the chances of a hacker choosing to compromise your BZP account are slim.

Actually, only the OpenSSL implementation of the SSL protocol is affected. Unfortunately, the majority of the sites with SSL do use OpenSSL, but there are also other implementations which are not affected by this vulnerability. And it's indeed not a virus. In fact, this has nothing to do with viruses at all.

-Gata signoff.png

  • 0
Please don't use my avatar without permission, thanks ^_^

#6 Online Reznas

Reznas
  • Premier Member
  • Premier Members
  • Mata Nuian Protector Nuva

  • 1,779 posts
  •  

Posted Apr 12 2014 - 04:47 PM

Yeah, sorry. Forgot to add the "Open" part. :P Oh, well. BZPower's not affected, so I guess it doesn't matter so much.

 

-Rez


  • 0

rc_banner.png


#7 Offline Voxumo

Voxumo
  • Premier Member
    BioniLUG Member
  • Premier Members
  • The Shadow Reaper

  • 3,212 posts
  •  

Posted Apr 12 2014 - 07:47 PM

Wait.. what is Heartbleed Virus?


  • 0

BZPRPG CHARACTERS

Syvra-Tivanu-Vrina-Voulge-Kidona-Chivinix-Celis-Darvin-Draeverian 'DJ'-

"Light thinks it travels faster than anything but it is wrong. No matter how fast light travels, it finds the darkness has always got there first, and is waiting for it."

Home Grown Alaskan Sprites. Your one-stop shop for the most organic sprites


#8 Offline Meiko

Meiko
  • Premier Member
    BioniLUG Member
  • Premier Outstanding BZP Citizens
  • Nuhvok-Kal Attacks!

  • 3,061 posts
  •   Outstanding BZPower Citizen

Posted Apr 12 2014 - 08:34 PM

Wait.. what is Heartbleed Virus?

The Heartbleed Bug (not a virus at all) is a vulnerability in OpenSSL, a piece of software used by millions of websites that is used to keep the web secure. SSL is a protocol in computer systems that secures data as it is transferred, but this vulnerability made it possible for attackers to get bits of data transfers (called "packets") that could contain potentially sensitive information. Here are some links with more information:


Edited by Meiko, Apr 12 2014 - 08:36 PM.

  • 0
--
Meiko
News reporter and database administrator at Brickset (profile)
Administrator at Brickipedia (profile)
Former administrator at BIONICLEsector01 (profile)
MediaWiki developer (profile)
 
DISCLAIMER: All opinions and contributions made under this account are based solely on my own personal thoughts and opinions, and in no way represent any of the above groups/entities. If you have any concerns or inquiries about the contributions made under this account, please contact me individually and I will address them with you to the best of my ability.

#9 Offline Voxumo

Voxumo
  • Premier Member
    BioniLUG Member
  • Premier Members
  • The Shadow Reaper

  • 3,212 posts
  •  

Posted Apr 12 2014 - 09:23 PM

 

Wait.. what is Heartbleed Virus?

The Heartbleed Bug (not a virus at all) is a vulnerability in OpenSSL, a piece of software used by millions of websites that is used to keep the web secure. SSL is a protocol in computer systems that secures data as it is transferred, but this vulnerability made it possible for attackers to get bits of data transfers (called "packets") that could contain potentially sensitive information. Here are some links with more information:

 

Ah... Ok thank you for explaining this.. makes more sense


  • 0

BZPRPG CHARACTERS

Syvra-Tivanu-Vrina-Voulge-Kidona-Chivinix-Celis-Darvin-Draeverian 'DJ'-

"Light thinks it travels faster than anything but it is wrong. No matter how fast light travels, it finds the darkness has always got there first, and is waiting for it."

Home Grown Alaskan Sprites. Your one-stop shop for the most organic sprites


#10 Offline GSR

GSR
  • Premier Member
  • Premier Forum Leaders
  • Book Badger

  • 1,023 posts
  •   BZP Leader

Posted Apr 12 2014 - 09:25 PM

Meiko, Gata, and Rez have explained things fairly well.  BZP, to my knowledge, doesn't use SSL anywhere on the site, and so should not be affected.  (Payments for store purchases are handled through PayPal's servers, not BZP's - and PayPal has stated they were not effected by the bug.)

 

For a list of major sites that have been affected, I'd recommend this article

 

In general, most affected sites should have updated their OpenSSL software to patch the bug by now, but a good strategy to follow is to change your password on affected site after the vulnerability has been patched.  If you've been reusing your password on multiple sites - well, that's not a very good idea to begin with, but you'll want to change all of those.

 

If I'm misunderstanding something about BZP's use of SSL, and we have been affected, I'm sure Black Six'll reopen this topic and provide clarification.  Otherwise, for now - looks like things are all answered, so I'll close the topic for the moment.


Edited by GSR, Apr 12 2014 - 09:28 PM.

  • 1

#11 Online Black Six

Black Six
  • BioniLUG Member
  • BZPower Administrators
  • Lego Ambassador

  • 12,120 posts
  •   BZP Staff

Posted Apr 13 2014 - 08:44 AM

GSR and others were correct - BZPower was not impacted by this bug as we do not use OpenSSL on the site.
  • 4




0 user(s) are browsing this forum

0 members, 0 guests, 0 anonymous users