Heartbleed SSL bug.

[karambit_rocks]

@nathank
Sir, Google provides a plug-in to its Chrome browser to alert the user. It is the same concept as any internet security software installed in our PCs so I don't see any concern for that matter.

[doczong]

A lot of misinformation here. That tool that shows you if a website is, frankly, retarded.

I pointed it at a couple of my internet facing servers that I know for a fact are not affected and it told me "the ssl certificate is minted blah blah and vulnerable" and "Uses Apache / OpenSSL" (cough, bull####, cough).

Heartbleed affects OpenSSL 1.0.1 ONLY. The other MAJOR deployed version is OpenSSL 0.9.8

Most serious sysadmins don't go randomly upgrading to the latest and greatest unless there is something that is actually needed in that version. Every single one of my 14 linux servers uses a variant of OpenSSL 0.9.8 (g through to z). Pointing that tool at an OpenSSL 0.9.8 server still says it is affected. Never needed to upgrade out of the stable and stil lin development 0.9.8

So.... just because that stupid website says a site is affected means nothing.

Mass media hysteria.

I must be grumpy. I'm going for coffee.

[mb9]

Lol

[kutter]

You might consider reading this article on how checking for the heartbleed bug is illegal

http://bgr.com/2014/04/11/hearbleed-...curity-checks/

So bad laws that turn regular people into criminals. I'm getting a little deja vu here.

[mb9]

A lot of misinformation here. That tool that shows you if a website is, frankly, retarded.

I pointed it at a couple of my internet facing servers that I know for a fact are not affected and it told me "the ssl certificate is minted blah blah and vulnerable" and "Uses Apache / OpenSSL" (cough, bull####, cough).

Heartbleed affects OpenSSL 1.0.1 ONLY. The other MAJOR deployed version is OpenSSL 0.9.8

Most serious sysadmins don't go randomly upgrading to the latest and greatest unless there is something that is actually needed in that version. Every single one of my 14 linux servers uses a variant of OpenSSL 0.9.8 (g through to z). Pointing that tool at an OpenSSL 0.9.8 server still says it is affected. Never needed to upgrade out of the stable and stil lin development 0.9.8

So.... just because that stupid website says a site is affected means nothing.

Mass media hysteria.

I must be grumpy. I'm going for coffee.

Thank you. This thread was lame until you posted.

[karambit_rocks]

You do realize they do orders by phone right? Or do you forget that there are other types of communication besides internet and cellular phones (wireless). Yeah a 10 year old website isn't going to be super secure. Its a shame things have gotten so far away from common sense and face to face business. If you don't have credit get a certified bank order/cashier check/whatever you want as only you and that person can accept it and its a hard copy for records no paper trail to worry about on the net or outside of business records. As well everything you do is recorded and shared anyways on a much larger scale so its not like there is really anything to complain about with Marstar especially since you are "smart" enough to recognize this. Unless there is a public page that everyone can go to with your personal info your point is mute. Internet security in general is a mute point.

What if someone hijacks your profile and able to see your past orders with all those personal info. Would it not put you in danger? Please forgive me if I sound too paranoid.

[xdmer]

Yeah, I'm tired of heartbleed and its hysteria too. In this case marstar.ca is vulnerable, I've confirmed it, and Marstar should be looking to patch openssl.

A lot of misinformation here. That tool that shows you if a website is, frankly, retarded.

I pointed it at a couple of my internet facing servers that I know for a fact are not affected and it told me "the ssl certificate is minted blah blah and vulnerable" and "Uses Apache / OpenSSL" (cough, bull####, cough).

Heartbleed affects OpenSSL 1.0.1 ONLY. The other MAJOR deployed version is OpenSSL 0.9.8

Most serious sysadmins don't go randomly upgrading to the latest and greatest unless there is something that is actually needed in that version. Every single one of my 14 linux servers uses a variant of OpenSSL 0.9.8 (g through to z). Pointing that tool at an OpenSSL 0.9.8 server still says it is affected. Never needed to upgrade out of the stable and stil lin development 0.9.8

So.... just because that stupid website says a site is affected means nothing.

Mass media hysteria.

I must be grumpy. I'm going for coffee.

[karambit_rocks]

A lot of misinformation here. That tool that shows you if a website is, frankly, retarded.

I pointed it at a couple of my internet facing servers that I know for a fact are not affected and it told me "the ssl certificate is minted blah blah and vulnerable" and "Uses Apache / OpenSSL" (cough, bull####, cough).

Heartbleed affects OpenSSL 1.0.1 ONLY. The other MAJOR deployed version is OpenSSL 0.9.8

Most serious sysadmins don't go randomly upgrading to the latest and greatest unless there is something that is actually needed in that version. Every single one of my 14 linux servers uses a variant of OpenSSL 0.9.8 (g through to z). Pointing that tool at an OpenSSL 0.9.8 server still says it is affected. Never needed to upgrade out of the stable and stil lin development 0.9.8

So.... just because that stupid website says a site is affected means nothing.

Mass media hysteria.

I must be grumpy. I'm going for coffee.

For people like me who are not as technical as you do this is a concern. I only learned about this after installing the Google Chrome Heartbleed plug-in. Thanks for the info.

[karambit_rocks]

It's not up to them to fix it. You know that, right? Their service provider is on it, I'm sure.

Yeah, it needs a push. Most people use Google Chrome nowadays and with the Hearthbleed plug-in installed it will make them think twice of making another transaction. I'm sure Marstar is already aware of this issue and it is to their advantage if this gets fixed sooner.

[Noob_]

My dogs breath smells like dog food........

You mean my cats breath smells like cat food.