mjr45 Posted April 18, 2014 Share #1 Posted April 18, 2014 I just got notice from Norton that the club site is vulnerable to the HeartBleed virus and personal information may be available. Any of the site moderators know about this? Link to comment https://www.classiczcars.com/topic/49059-just-an-fyi/ Share on other sites More sharing options...
DRBall Posted April 22, 2014 Share #2 Posted April 22, 2014 Norton has not said a peep about this site....How old is your version... Link to comment https://www.classiczcars.com/topic/49059-just-an-fyi/#findComment-446294 Share on other sites More sharing options...
mjr45 Posted April 22, 2014 Author Share #3 Posted April 22, 2014 I got a message about the Heartbleed virus and on the Norton site there is a tool to check websites by their URL. When I put in the club URL it came back as vulnerable to the virus. Link to comment https://www.classiczcars.com/topic/49059-just-an-fyi/#findComment-446328 Share on other sites More sharing options...
FastWoman Posted April 22, 2014 Share #4 Posted April 22, 2014 I posted an FYI to the non-Z related off-topic forum. I would hope the mods know about it. Fortunately my logon to this site already used my lowest-security tier of password. There are a few other Heartbleed-vulnerable sites that use old passwords.The danger to folks on this forum would be if the same password used on this site is also used for such things as your bank, email, or any resource you really don't want to get compromised. If hackers get your password here by exploiting the Heartbleed vulnerability, they can then potentially log on to any other account where you might use the same password. If you use the same password for your email, there's a lot of exposure to mischief, as password resets can be intercepted via your email, allowing the hackers to hijack almost anything of yours, especially those accounts that use your email address as a user ID.Anyway, if you've done like I have and changed the passwords on all of your sensitive accounts, you can PROBABLY be safe continuing to interact on this site with your old, now-insecure password. At least that's how I understand it. I think you just have to assume hackers have your classiczcars login -- including hackers from the NSA, of course. (The NSA is believed by the IT community to have introduced the bug into the OpenSSL code 10 years ago, and it appears from server logs that they have been exploiting their bug the entire time. The hacker community only discovered the exploit about 6 months ago.) Link to comment https://www.classiczcars.com/topic/49059-just-an-fyi/#findComment-446366 Share on other sites More sharing options...
TheCrazySwede Posted April 23, 2014 Share #5 Posted April 23, 2014 The danger is not in the site, but in the way it encrypts information (Open SSL)There are a lot of websites that use that type of security measures, although most websites that are in charge of sensitive information (Email clients, Banking, etc.) use a different approach, and thus aren't in danger of being compromised.I'm not a huge fan of Norton (I've been a Microsoft Certified Technician for almost 3 years) but the way it is telling you what sites are vulnerable is by checking what type of encryption methods the site uses. Most websites have updated their measures, but I can't speak in behalf of this one. Link to comment https://www.classiczcars.com/topic/49059-just-an-fyi/#findComment-446484 Share on other sites More sharing options...
FastWoman Posted April 24, 2014 Share #6 Posted April 24, 2014 Swede, I discovered the issue when I used this utility to test the site:https://filippo.io/Heartbleed/In the beginning this utility was actually able to exploit Heartbleed on the classiczcars.com site. (It tests by confirming the exploit works.) When I test now, I get a much less conclusive result. I don't know why or how, but until we hear the site has been fixed, I think it's best to assume it hasn't. Link to comment https://www.classiczcars.com/topic/49059-just-an-fyi/#findComment-446491 Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now