Home
Why
snipe
?
Compare
FAQ
Community
Terms
Contact
My Snipes
Home
Why
snipe
?
Compare
FAQ
Community
Terms
Contact
My Snipes
Menu
Home
Why
snipe
?
Compare
FAQ
Community
Terms
Contact
Username
Password
Login is SSL protected. By clicking on "Log in Now" you agree to gixen.com
terms of usage.
Search
Gixen.com Forum Index
->
Announcements
Post a reply
Username
Subject
Anti-Bot check:
Enter characters from the following image:
Message body
Emoticons
View more Emoticons
Font colour:
Default
Dark Red
Red
Orange
Brown
Yellow
Green
Olive
Cyan
Blue
Dark Blue
Indigo
Violet
White
Black
Font size:
Tiny
Small
Normal
Large
Huge
Close Tags
Options
HTML is
OFF
BBCode
is
ON
Smilies are
ON
Disable BBCode in this post
Disable Smilies in this post
All times are GMT - 8 Hours
Jump to:
Select a forum
Gixen
----------------
Announcements
Support
Suggestions and Ideas
Impressions
Blog
Topic review
Author
Message
mario
Posted: Wed Apr 09, 2014 12:58 pm
Post subject:
Mark,
To be completely honest, I never put much trust in SSL anyway. If you look historically (see link below), it seems that only as of fairly recently one can assume that SSL/TLS is secure, with proper combination of version and cipher.
https://en.wikipedia.org/wiki/Transport_Layer_Security#Cipher
I wouldn't be surprised that security organizations that have know-how and resources can read through it effortlessly.
I feel much more confident about eBay security measures than ssl. In other words, what actions can an intruder do if they already have my ebay credentials that would harm me? Thanks to eBay security measures, not much, or at least not much without me noticing and being notified.
Cupid
Posted: Wed Apr 09, 2014 12:43 pm
Post subject:
Thank you for this announcement Mario, and well done for investigating it and assuring the users before most would even have been aware of the possibility of a problem.
It goes to show that being on what we used to refer to as the 'bleeding edge' is not the place to be for well established services like Gixen... using what has been tried and tested over a long period and not upgrading as soon as is possible (unless the new features are essential) is always the better strategy IMHO.
This looks like a major mess up by the OpenSSL team... it having been left undetected for two years just makes it even more shocking.
mario
Posted: Wed Apr 09, 2014 11:45 am
Post subject: Heartbleed SSL vulnerability
Gixen is not affected by the Heartbleed SSL vulnerability, as Gixen front-end servers are running OpenSSL versions that are not vulnerable, and are, in fact, older than the versions affected. I will upgrade them to the latest version in the near future regardless.
I am unsure as to if eBay itself is affected, as I do not know the nature of eBay front-end servers. I believe that they used to be Microsoft-based (IIS), but that may have changed, as they no longer identify themselves. I will wait for eBay itself to have a say on this.
© 2006 - 2023 Gixen.com. Forum powered by phpBB © 2001, 2005 phpBB Group.