Cycling and bicycle discussion forums. 
   Click here to join our community Log in to access your Control Panel  


Go Back   > >

Forum Suggestions & User Assistance Have a suggestion for the forums? Need help with the Forums? Post here.

User Tag List

Reply
 
Thread Tools Search this Thread
Old 04-13-14, 08:00 PM   #1
alaskanb3arcub
Senior Member
Thread Starter
 
Join Date: Apr 2009
Bikes: Forest Green Dahon Boardwalk
Posts: 198
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Heartbleed

Heartbleed may or may not be a big issue on here, but this is what Chromebleed reports:

"Use caution, www.bikeforums.net had error[diial tcp 98.195.199:443: connection refused]"

Maybe it's because I'm not a paid member, but I thought I'd mention(and now it won't eat at me).
alaskanb3arcub is offline   Reply With Quote
Old 04-13-14, 09:58 PM   #2
CbadRider
Administrator
 
CbadRider's Avatar
 
Join Date: Sep 2008
Location: On the bridge with Picard
Bikes: Specialized Allez, Specialized Sirrus
Posts: 5,962
Mentioned: 1 Post(s)
Tagged: 0 Thread(s)
Quoted: 5 Post(s)
Thanks, I have reported this to Internet Brands.
__________________
Quote:
Originally Posted by Xerum 525 View Post
Now get on your cheap bike and give me a double century. You walking can of Crisco!!

Forum Guidelines *click here*
CbadRider is offline   Reply With Quote
Old 04-14-14, 09:40 AM   #3
Tom Stormcrowe
Out fishing with Annie on his lap, a cigar in one hand and a ginger ale in the other, watching the sunset.
 
Tom Stormcrowe's Avatar
 
Join Date: Mar 2006
Location: South Florida
Bikes: Techna Wheelchair and a Sun EZ 3 Recumbent Trike
Posts: 16,118
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Near as I can tell, Heartbleed only affects OpenSSL encryption and the forums do not use this. Linux Users do need to be aware that their OS is vulnerable (Debian, SUSE, Ubuntu, Red Hat, et al), since their encryption is driven by OpenSSL

Quote:
Originally Posted by heartbleed bug information site

Heartbleed Bug[h=4]What versions of the OpenSSL are affected?[/h] Status of different versions:
  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable
Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.
[h=4]How common are the vulnerable OpenSSL versions?[/h] The vulnerable versions have been out there for over two years now and they have been rapidly adopted by modern operating systems. A major contributing factor has been that TLS versions 1.1 and 1.2 came available with the first vulnerable OpenSSL version (1.0.1) and security community has been pushing the TLS 1.2 due to earlier attacks against TLS (such as the BEAST).
[h=4]How about operating systems?[/h] Some operating system distributions that have shipped with potentially vulnerable OpenSSL version:
  • Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
  • Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
  • CentOS 6.5, OpenSSL 1.0.1e-15
  • Fedora 18, OpenSSL 1.0.1e-4
  • OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
  • FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
  • NetBSD 5.0.2 (OpenSSL 1.0.1e)
  • OpenSUSE 12.2 (OpenSSL 1.0.1c)
Operating system distribution with versions that are not vulnerable:
  • Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
  • SUSE Linux Enterprise Server
  • FreeBSD 8.4 - OpenSSL 0.9.8y 5 Feb 2013
  • FreeBSD 9.2 - OpenSSL 0.9.8y 5 Feb 2013
  • FreeBSD 10.0p1 - OpenSSL 1.0.1g (At 8 Apr 18:27:46 2014 UTC)
  • FreeBSD Ports - OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)
__________________
. “He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you.”- Fredrick Nietzsche

"We can judge the heart of a man by his treatment of animals." - Immanuel Kant
Tom Stormcrowe is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -6. The time now is 04:07 PM.