Heartbleed


If you have not yet heard about the Internet bug in OpenSSL called "Heartbleed", you need to google that word ASAP and learn about this latest online security threat to hit the news.
gz3827
I heard on the news last night that you shouldn't change passwords unless the organization that the password is for... has fixed this problem on their end. In other words, if the subject password is for AudiogoN, AudiogoN has to have applied a fix on their system... otherwise it's a waste of time to change the password.
I emailed Audiogon support yesterday and asked them about this issue. When I saw this thread I sent them a link to it. Let's see how they respond.
Here is the response from Audiogon Support. Sounds like they have taken some steps but are still working on it.

At this time:
1. We are patching all of our encrypted resources right now
2. We have already taken steps to prevent exploitation of this vulnerability
3. Our platform providers, Heroku and Amazon, have already taken steps to prevent exploitation of this vulnerability
4. Users can and should change their passwords as an additional precaution
Thank you for being a valued member of the Audiogon community. Please do not hesitate to contact us if there is anything else we can assist you with.
I read somewhere that it only affects Linux and Unix operating systems and that the criminal has to be "looking" at your transaction live (while it happens), in order to get your info.

I feel pretty safe. For now.

All the best,
Nonoise
I read somewhere that it only affects Linux and Unix operating systems ....
Although there may be some minor exceptions, I believe that is essentially true, if "Unix" is considered to include Unix-like operating systems such as the various versions of BSD.

To be sure it's clear, though, this refers to the OS of the web server used by the site, not to the OS used by the individual who is communicating with that server. The OS on an individual's computer makes no difference.

And my understanding is that the majority of the world's web servers run Linux, although many of them do not handle encrypted traffic, and many of those that do aren't using the versions of OpenSSL which have the vulnerability.

Also, yesterday Audiogon posted the following in the Hub section:
Audiogon.com is no longer vulnerable to the Heartbleed bug. All of our platform providers have taken steps to prevent exploitation of the Heartbleed vulnerability by updating OpenSSL. We have restarted all resources using OpenSSL. If you have not already, we recommend you change your password.
Best regards,
-- Al