Heartbleed SSL vulnerability

 
mario
Site Admin


Joined: 03 Oct 2006
Posts: 7110

Posted: Wed Apr 09, 2014 11:45 am    Post subject: Heartbleed SSL vulnerability

Gixen is not affected by the Heartbleed SSL vulnerability, as Gixen front-end servers are running OpenSSL versions that are not vulnerable, and are, in fact, older than the versions affected. I will upgrade them to the latest version in the near future regardless.

I am unsure as to whether eBay itself is affected, as I do not know the nature of eBay front-end servers. I believe that they used to be Microsoft-based (IIS), but that may have changed, as they no longer identify themselves. I will wait for eBay itself to have a say on this.
Cupid



Joined: 09 Aug 2007
Posts: 7567
Location: Bristol, UK

Posted: Wed Apr 09, 2014 12:43 pm

Thank you for this announcement Mario, and well done for investigating it and assuring the users before most would even have been aware of the possibility of a problem.

It goes to show that being on what we used to refer to as the 'bleeding edge' is not the place to be for well established services like Gixen... using what has been tried and tested over a long period and not upgrading as soon as is possible (unless the new features are essential) is always the better strategy IMHO.

This looks like a major mess up by the OpenSSL team... it having been left undetected for two years just makes it even more shocking.
_________________
Mark
mario
Site Admin


Joined: 03 Oct 2006
Posts: 7110

Posted: Wed Apr 09, 2014 12:58 pm

Mark,

To be completely honest, I never put much trust in SSL anyway. If you look historically (see link below), it seems that only as of fairly recently one can assume that SSL/TLS is secure, with proper combination of version and cipher.

https://en.wikipedia.org/wiki/Transport_Layer_Security#Cipher

I wouldn't be surprised that security organizations that have know-how and resources can read through it effortlessly.

I feel much more confident about eBay security measures than SSL. In other words, what actions can an intruder do if they already have my eBay credentials that would harm me? Thanks to eBay security measures, not much, or at least not much without me noticing and being notified.
All times are GMT - 8 Hours