Mr. House Posted April 12, 2014 Share Posted April 12, 2014 Is BZP effected by this virus? I occasionally return to BZP for a nostalgic trip back. Hit me up on discord if you need anything. BZPRPG Characters that I will possibly revive, Mons-Shajs-Tarotrix-Aryll Vudigg-Jorruk Yokin-Senavysh Angavur Link to comment Share on other sites More sharing options...
~Shockwave~ Posted April 12, 2014 Share Posted April 12, 2014 It's not really a virus. But I don't believe so. I think it only comprimised Https sites. 1 3DS Freind Code: 1693-0634-1082 Name: Joey I also have Mario Kart 7, Animal Crossing: New Leaf, Pokemon Y and Kid Icarus: Uprising PM me to add me. Steam profile Click here for the BZP Destiny Group Link to comment Share on other sites More sharing options...
Reznas Posted April 12, 2014 Share Posted April 12, 2014 (edited) It's a security vulnerability with SSL protocol. It only applies to sites that use SSL protocol, which is what https:// signifies (as Shockwave mentioned already). Since BZP is not under such a security protocol, there's nothing to worry about. -Rez EDIT: If you're worried, just change you password and make sure that your BZPower password isn't identical to your passwords on other sites. If your passwords are compromised on a site vulnerable to Heartbleed, those passwords can be used to log into any user account you have, assuming you use identical passwords for each website. But the chances of a hacker choosing to compromise your BZP account are slim. Edited April 12, 2014 by Reznas 1 Link to comment Share on other sites More sharing options...
Meiko Posted April 12, 2014 Share Posted April 12, 2014 BZPower runs on CloudFlare, and CloudFlare patched the issue a week before it was announced publicly. BZPower is safe, especially since BZPower has no TCP or UDP connections that run on SSL. (e.g. FTPS or HTTPS) -- Meiko - @georgebarnick LUG Ambassador and administrator at Brickipedia News reporter and database administrator at Brickset Administrator at BIONICLEsector01 DISCLAIMER: All opinions and contributions made under this account are based solely on my own personal thoughts and opinions, and in no way represent any of the above groups/entities. If you have any concerns or inquiries about the contributions made under this account, please contact me individually and I will address them with you to the best of my ability. Link to comment Share on other sites More sharing options...
Gatanui Posted April 12, 2014 Share Posted April 12, 2014 It's a security vulnerability with SSL protocol. It only applies to sites that use SSL protocol, which is what https:// signifies (as Shockwave mentioned already). Since BZP is not under such a security protocol, there's nothing to worry about. -Rez EDIT: If you're worried, just change you password and make sure that your BZPower password isn't identical to your passwords on other sites. If your passwords are compromised on a site vulnerable to Heartbleed, those passwords can be used to log into any user account you have, assuming you use identical passwords for each website. But the chances of a hacker choosing to compromise your BZP account are slim.Actually, only the OpenSSL implementation of the SSL protocol is affected. Unfortunately, the majority of the sites with SSL do use OpenSSL, but there are also other implementations which are not affected by this vulnerability. And it's indeed not a virus. In fact, this has nothing to do with viruses at all. -Gata 1 - Gata Please don't use my avatar or signature without permission, thanks! Link to comment Share on other sites More sharing options...
Reznas Posted April 12, 2014 Share Posted April 12, 2014 Yeah, sorry. Forgot to add the "Open" part. Oh, well. BZPower's not affected, so I guess it doesn't matter so much. -Rez Link to comment Share on other sites More sharing options...
Voxumo Posted April 13, 2014 Share Posted April 13, 2014 Wait.. what is Heartbleed Virus? Banner made by Onaku BZPRPG CHARACTERS Syvra-Tivanu If you interact with one of my characters and I don't respond or acknowledge the interaction within a day, send me a PM. Odds are I missed or did not see the post. Link to comment Share on other sites More sharing options...
Meiko Posted April 13, 2014 Share Posted April 13, 2014 (edited) Wait.. what is Heartbleed Virus?The Heartbleed Bug (not a virus at all) is a vulnerability in OpenSSL, a piece of software used by millions of websites that is used to keep the web secure. SSL is a protocol in computer systems that secures data as it is transferred, but this vulnerability made it possible for attackers to get bits of data transfers (called "packets") that could contain potentially sensitive information. Here are some links with more information:http://heartbleed.com/https://en.wikipedia.org/wiki/Heartbleedhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160 Edited April 13, 2014 by Meiko 1 -- Meiko - @georgebarnick LUG Ambassador and administrator at Brickipedia News reporter and database administrator at Brickset Administrator at BIONICLEsector01 DISCLAIMER: All opinions and contributions made under this account are based solely on my own personal thoughts and opinions, and in no way represent any of the above groups/entities. If you have any concerns or inquiries about the contributions made under this account, please contact me individually and I will address them with you to the best of my ability. Link to comment Share on other sites More sharing options...
Voxumo Posted April 13, 2014 Share Posted April 13, 2014 Wait.. what is Heartbleed Virus?The Heartbleed Bug (not a virus at all) is a vulnerability in OpenSSL, a piece of software used by millions of websites that is used to keep the web secure. SSL is a protocol in computer systems that secures data as it is transferred, but this vulnerability made it possible for attackers to get bits of data transfers (called "packets") that could contain potentially sensitive information. Here are some links with more information:http://heartbleed.com/https://en.wikipedia.org/wiki/Heartbleedhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160 Ah... Ok thank you for explaining this.. makes more sense Banner made by Onaku BZPRPG CHARACTERS Syvra-Tivanu If you interact with one of my characters and I don't respond or acknowledge the interaction within a day, send me a PM. Odds are I missed or did not see the post. Link to comment Share on other sites More sharing options...
GSR Posted April 13, 2014 Share Posted April 13, 2014 (edited) Meiko, Gata, and Rez have explained things fairly well. BZP, to my knowledge, doesn't use SSL anywhere on the site, and so should not be affected. (Payments for store purchases are handled through PayPal's servers, not BZP's - and PayPal has stated they were not effected by the bug.) For a list of major sites that have been affected, I'd recommend this article. In general, most affected sites should have updated their OpenSSL software to patch the bug by now, but a good strategy to follow is to change your password on affected site after the vulnerability has been patched. If you've been reusing your password on multiple sites - well, that's not a very good idea to begin with, but you'll want to change all of those. If I'm misunderstanding something about BZP's use of SSL, and we have been affected, I'm sure Black Six'll reopen this topic and provide clarification. Otherwise, for now - looks like things are all answered, so I'll close the topic for the moment. Edited April 13, 2014 by GSR 2 Hey: I'm not very active around BZP right now. However, you can always contact me through PM (I have email notifications set up) and I will reply as soon as I can. Useful Topics: The Q&A Compendium | The Official RPG Planning Topic Stories: Fractures | An Aftermath | Three Stories | LSO 2012 Epics: Team Three | The Shadow and the Sea | The Days They Were Needed | Glitches | Transformations | Echoes | The Kaita and the Storyteller | Nui BZPRPG: Komae · Soraya · Bohrei Blog: Defendant Lobby no. 42 Link to comment Share on other sites More sharing options...
Black Six Posted April 13, 2014 Share Posted April 13, 2014 GSR and others were correct - BZPower was not impacted by this bug as we do not use OpenSSL on the site. 5 Bio of a BZP Admin Link to comment Share on other sites More sharing options...
Recommended Posts