Help Support Our Growing Community

DOTAFire is a community that lives to help every Dota 2 player take their game to the next level by having open access to all our tools and resources. Please consider supporting us by whitelisting us in your ad blocker!

Want to support DOTAFire with an ad-free experience? You can support us ad-free for less than $1 a month!

Go Ad-Free
Click to open network menu
MOBAFire RuneterraFire WildRiftFire CounterStats SmiteFire HeroesFire FarmFriends ForzaFire

Featured Site

Create Hero Build
Join or Log In
Heroes Guides Skills Members Items
X
Smitefire logo

Join the leading DOTA 2 community.
Create and share Hero Guides and Builds.

Create an MFN Account






Or

Heartbleed and You

Please review our General Rules & Guidelines before posting or commenting anywhere on DOTAFire.

Forum Reply
Forum » Support » Heartbleed and You 2 posts - page 1 of 1
Permalink | Quote | PM | +Rep by Mowen » April 9, 2014 7:11pm | Report
I'm sure you guys have heard of the "Heartbleed" bug. If not, you can read about it here;

http://heartbleed.com/

There is a bug in a security package, utilized almost everywhere on the internet, that in the right conditions could allow an attacker to steal key/password information and potentially even gain access to the server. The bug has been in the wild for about 2 years and was only recently discovered, and subsequently revealed (by the "good guys") a couple days ago.

I just wanted to let you guys know what action we have taken, what the risks are, and what action YOU might want to take.

Action We Have Taken



Fixes for this bug were issued almost immediately by vendors. We updated all of our servers and software with the fixed versions right away, and have been monitoring for additional patches. All of our sites sit behind CloudFlare, who were involved in handling this issue before it even went public, so they were patched already. Our host is rock solid and has taken all necessary measures to protect themselves and their networks.

Potential Risks



In terms of our sites, things are pretty safe. We patched immediately, we are relatively "sheltered" behind CloudFlare, we have a very reliable and trusted host, and we have security standards of our own to minimize the risk of attack, including this.

The most sensitive information that could be gained from a compromise on one of our servers is your encrypted passwords. However they would be next to useless to an attacker, as they are salted and stretched using a powerful hashing algorithm.

We have no reason to believe any such attack occurred, and we are safe from any future attack related to this bug.

In terms of the greater internet, there is a risk that any information you have stored on any website could potentially have been compromised, including your passwords or financial information. This is especially so for any websites that have not yet, or do not, patch their software for this bug now that it is out in the open.

What Should I Do?



This attack affects the entire internet. Change your passwords on critical sites. Start with your email and financial accounts. Use unique passwords on each of these sites to prevent a compromise on a weaker site from allowing attackers into your accounts on stronger sites. Ask the owners of sites you use, especially small independent sites, if they have taken the necessary measures. There are some tools to help test sites, such as;

http://filippo.io/Heartbleed/

I think that covers it. If you have any other questions or concerns, fire away!
Mowen
<Production Coordinator>


Notable (17)
Posts: 365
Steam: Mowen
View My Blog
Permalink | Quote | PM | +Rep by Xyrus » April 10, 2014 2:55am | Report
Ty, it's good to know this site is secure <}3
Xyrus
<Moderator>

Awards Showcase
Show more awards

Established (104)
Posts: 2429
Steam: Xyrus
View My Blog
Forum Reply

Quick Reply

Please log in or sign up to post!

DOTAFire is the place to find the perfect build guide to take your game to the next level. Learn how to play a new hero, or fine tune your favorite DotA hero’s build and strategy.

Copyright © 2019 DOTAFire | All Rights Reserved