change all passwords :/ new bug

m.bbc.co.uk... jus seen this if already posted plz delete.. heartbleed bug tech firms advising public change all passwords :/

reply to post by robbeh


Problem is that until all those websites apply the fix that one has changed their passwords on , those new passwords are still vulnerable.

Yeah passwords are a weak point but not as weak as website security, or OS security.
I know this is a different thing but if you click on the wrong site or install the wrong software
you can essentially be giving someone a teamviewer like experience that won't interfere with your own.
All passwords that are stored all nicely sent right to the hackers PC.

Many people still think Viruses "are made to mess with your computer"
and not "by people to control and steal from your computer"

I just wanna go on record that if my posts contain increased profanity...it is probably not me

Anyone know if ATS was compromised?

cosmicexplorer
I just wanna go on record that if my posts contain increased profanity...it is probably not me

Anyone know if ATS was compromised?

Seriously who knows about ATS, though, since they don't even show the secure indications in the address line, it may have been hacked much further back than just the two years of Heartbleed.
Or maybe not

Just saying ATS wouldn't be a site even related to Heartbleed .

This is so ridiculous at this point. I change my banking and financial passwords regularly but as far as like ATS account or various non business email accounts i do not even bother anymore when I hear of these things. Hackers will always find a way, there is probably already a new bug being discovered in the new SSL patch. The entire social security system is compromised, criminal organizations at this point already have the SSN's and other various information on most people in America already IMO. I know people who's SSN's have been used by others dozens of times going back decades and theyve had to deal with the fallout.

reply to post by lightedhype


I agree..what are they going to get that they don't already have? Im not going through the 100s of websites to 'change my password"..What could someone actually do with NEOPAN 100? Post nasty comments on my behalf? It's just silly. My bank covers what very miniscule money I do have and my credit? meh..eff it.

Another thread on this
www.abovetopsecret.com...

reply to post by cosmicexplorer

We have to assume ATS has been compromised for a long time. If the agencies, rogue hackers etc. were digging into us average guys...you know theyve been here. We're prob at the top of their list.

Here's a place to see if fixes have been applied yet to "secure" sites:
lastpass.com...

I would love to be on the network security team for ATS

reply to post by DonVoigt


Is there one?

reply to post by Chamberf=6


I would think so, based on information I've read on the website, I'm thinking that the corporate offices and data center are somewhere near Scottsdale Arizona based on what I seen on the contact us page. Any website has servers ,routers , switches and data storage units that require maintenance and upkeep, ospf implementation, firewalls, IDS and IPS equipment, people to design access control lists, , there are any number of IT jobs that various companies require intelligent knowledgeable people to handle within their companies.

Won't start a new thread on this, but; Is anyone really surprised by this? And, I also wonder how many actually understand what has happened.

This "bug" only affects Apache servers, on both Linux and Unix OS's. The bug exists because, in their infinite wisdom, these server operators used Open Source software for their security layer.

So that yall understand; "Open Source" software is software where [I]anyone[/I] can get, read, modify, and of course reverse engineer the software package. In this case it was the SSL (Secure Socket Layer) of 2/3 of the servers on the Internet.

Again, this is the real price of Open Source software.

Now, before anyone tries to thrash me for saying this, this way; I am a software engineer who currently develops Web Based Applications...for Microsoft/IIS (not affected by the Heartbleed bug)...I am a Microsoft Partner with over 40 years experience.

Further, we, as Internet users, should start a "class action" against the developers of "OpenSSL", for making it "open source".

And, did y'all know that they knew about the "bug" back in 2011, and did nothing till now...

Chamberf=6
reply to post by DonVoigt

 

Is there one?

Probably not...ATS doesn't really need much as far as IT support goes. Their server provider supplies virtually everything they need.

reply to post by tanka418


If they are using someone else's servers, then yes that means they share a footprint with another company, but I'm not sure, but I thought I read in another thread a while back that ATS has it's own equipment.

DonVoigt
reply to post by tanka418

 

If they are using someone else's servers, then yes that means they share a footprint with another company, but I'm not sure, but I thought I read in another thread a while back that ATS has it's own equipment.

Even IF the do "own" their servers, they still need a place to put them, they still need high bandwidth connection to the "backbone". Typically, a small company like ATS doesn't do that.

Heck even I don't...I own the servers employed in my "data center", but I don't House the, I don't provide for the backbone connection. The "server farm" where my servers are kept do ALL the external IT work. The only part I deal with is the small cluster of servers in my datacenter. I would expect ATS to be the same. By the way...I host sites like ATS, even have an insurance company

Oh, and they don't necessarily "share" a footprint with anybody. ATS servers very likely have their very own set of IP addresses (like I do), and subscribe to a DNS server. No need to share anything other than very high bandwidth fiber-optic.