Jump to content

Is Alamy safe?


Recommended Posts

For more than two years, the Internet's most popular implementation of the Transport Layer Security (TLS) protocol has contained a critical defect that allowed attackers to pluck passwords, authentication cookies, and other sensitive data out of the private server memory of websites.  Was Alamy among the millions of sites using the OpenSSL library, and thus vulnerable to this extraordinarily nasty bug?


Have Alamy engineers updated OpenSSL and revoked and replaced their old TLS certificate? Should we be udating our passwords (how?)

Link to comment
Share on other sites

 

For more than two years, the Internet's most popular implementation of the Transport Layer Security (TLS) protocol has contained a critical defect that allowed attackers to pluck passwords, authentication cookies, and other sensitive data out of the private server memory of websites.  Was Alamy among the millions of sites using the OpenSSL library, and thus vulnerable to this extraordinarily nasty bug?

Have Alamy engineers updated OpenSSL and revoked and replaced their old TLS certificate? Should we be udating our passwords (how?)

 

Why don't you ask MS?

Link to comment
Share on other sites

 

 

For more than two years, the Internet's most popular implementation of the Transport Layer Security (TLS) protocol has contained a critical defect that allowed attackers to pluck passwords, authentication cookies, and other sensitive data out of the private server memory of websites.  Was Alamy among the millions of sites using the OpenSSL library, and thus vulnerable to this extraordinarily nasty bug?

Have Alamy engineers updated OpenSSL and revoked and replaced their old TLS certificate? Should we be udating our passwords (how?)

 

Why don't you ask MS?

 

 

A very good idea - or perhaps re-post this in the Alamy suggestions forum, so that you can be certain that it will be read by a moderator, and perhaps generate a reply.

Link to comment
Share on other sites

Although one wonders what a hacker could do to one's Alamy account. Not change financial details, Alamy stopped that a while ago.

Malicious re-captioning, perhaps? Or QC sabotage with inferior images?

 

Steal millions of images in hires and put them out for free?

 

wim

Link to comment
Share on other sites

 

Although one wonders what a hacker could do to one's Alamy account. Not change financial details, Alamy stopped that a while ago.

Malicious re-captioning, perhaps? Or QC sabotage with inferior images?

 

Steal millions of images in hires and put them out for free?

 

wim

 

Not from a contributor's login.

Link to comment
Share on other sites

Reading these articles, it's rarely clear to me if they include Macs in the attack.  :unsure:

 

As it was described to me today by colleagues who are addressing it on servers they provide to host major client web sites the attack is down at the operating system and services layers on the server, it is not a client side issue. So yes, any client accusing online services (email, cloud storage, web, internet etc) where they are running Mac, Windows, Linux or anything else on their PC is advised change their passwords on online services. It is the online end that may be compromised.

 

It is not a direct issue for me or anyone else who run web sites on third party hosts like GoDaddy or whoever. We just need our ISP to ensure  they have the matter in hand and have updated their server software stack.

Link to comment
Share on other sites

 

 

Although one wonders what a hacker could do to one's Alamy account. Not change financial details, Alamy stopped that a while ago.

Malicious re-captioning, perhaps? Or QC sabotage with inferior images?

 

Steal millions of images in hires and put them out for free?

 

wim

 

Not from a contributor's login.

 

 

Clients log in too.

And staff probably as well.

Besides today's article in my newspaper De Volkskrant, explains hackers increasingly seek out the delivery entrances to a system. The article is here. However I cannot get Google Translate to display it. Nor can I find the quotes in Symantec's Annual Threats Report.

 

wim

Link to comment
Share on other sites

I just received email today from Stockimo advising users to change their passwords. Since Stockimo has been using Alamy usernames and passwords then changing your Alamy password certainly wouldn't hurt.

 

 

 

 

You've probably read about something called Heartbleed that's compromised the security of many websites and resulted in most sites advising users to change their password. If you want to read more then check out this explaining OpenSSL encryption and the Heartbleed issue.

Stockimo makes use of Amazon Web Services which uses OpenSSL encryption. Amazon have now updated their infrastructure to fix the Heartbleed vulnerability and, as a result, we've also done some work at our end.

So, as a Stockimo user your security isn't compromised, however, we strongly recommend you change your password as a precaution.

If you have any questions then drop us a line support@stockimo.com.

Thanks
The Stockimo Team

 

 

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.