Külföldi torrent oldalak Anthelion (TehConnection/Teh) | ANT Heartbleed

A témát ebben részben 'Torrent oldalak hírei' Dark Angel hozta létre. Ekkor: 2014. április 15..

  1. Dark Angel / Guest

    Heartbleed


    Apologies for the delay on posting this, I've been fairly busy lately.

    As most of you are probably well aware a critical security flaw in OpenSSL, CVE-2014-0160, known as Heartbleed has been all over the media over the last week. I won't go into the details of the vulnerability here as most of you are probably aware of the implications of this already. If you're interested in finding out more, please visit http://heartbleed.com/


    Some users have been questioning TehConnection's stance on this and what we intend to do about it, so I'll clear all that up now. Prior to April 1st 2014, TehConnection was running OpenSSL 0.9.8o, a version of OpenSSL unaffected by this vulnerability. On April 1st we updated our frontend servers to OpenSSL 1.0.1f, a version that was vulnerable. On April 7th we were made aware of this vulnerability, and upgraded to a version of OpenSSL which was not vulnerable.

    This leaves TehConnection's total exposure to this vulnerability being around 6 days. When the vulnerability was disclosed to the public on April 7th, we patched within 2 hours.

    What have we done about it? Other than patch our OpenSSL to no longer be vulnerable - we've not done anything. We're internally discussing re-issuing our SSL certificates, as there is technically a chance our private keys could have been compromised; however at the moment we do not feel that this is a threat to the integrity of the site's security.

    If you want to take extra precautions yourself, change your site password and re-generate your torrent passkey. If you logged into the site between April 1st and 7th then there's a small chance your plaintext password could have been compromised.

    Our official stance here at TehConnection is that we aren't worried about the future implications of this exploit and do not intend on taking any further action other than what has been discussed above. Due to our extremely minimal exposure time and quick patching of the vulnerability once it had gone live we do not feel the need to take any further precautions.

    If you've got any questions please post them in this thread or contact us via Staff PM, I'll do my best to answer all questions to the best of my ability.
     
Címkék :