Guest Posted April 9, 2014 Share Posted April 9, 2014 For more than two years, the Internet's most popular implementation of the Transport Layer Security (TLS) protocol has contained a critical defect that allowed attackers to pluck passwords, authentication cookies, and other sensitive data out of the private server memory of websites. Was Alamy among the millions of sites using the OpenSSL library, and thus vulnerable to this extraordinarily nasty bug? Have Alamy engineers updated OpenSSL and revoked and replaced their old TLS certificate? Should we be udating our passwords (how?) Link to comment Share on other sites More sharing options...
PatrioticAlien Posted April 9, 2014 Share Posted April 9, 2014 Should we be udating our passwords (how?) press forgot password then magically it will be reset Link to comment Share on other sites More sharing options...
spacecadet Posted April 9, 2014 Share Posted April 9, 2014 For more than two years, the Internet's most popular implementation of the Transport Layer Security (TLS) protocol has contained a critical defect that allowed attackers to pluck passwords, authentication cookies, and other sensitive data out of the private server memory of websites. Was Alamy among the millions of sites using the OpenSSL library, and thus vulnerable to this extraordinarily nasty bug? Have Alamy engineers updated OpenSSL and revoked and replaced their old TLS certificate? Should we be udating our passwords (how?) Why don't you ask MS? Link to comment Share on other sites More sharing options...
David W Posted April 9, 2014 Share Posted April 9, 2014 Ask MS but don't hold your breath! Link to comment Share on other sites More sharing options...
Alex Todd Posted April 9, 2014 Share Posted April 9, 2014 Advising everyone to change their online passwords just to be sure. http://www.bbc.co.uk/news/technology-26954540 Link to comment Share on other sites More sharing options...
losdemas Posted April 9, 2014 Share Posted April 9, 2014 For more than two years, the Internet's most popular implementation of the Transport Layer Security (TLS) protocol has contained a critical defect that allowed attackers to pluck passwords, authentication cookies, and other sensitive data out of the private server memory of websites. Was Alamy among the millions of sites using the OpenSSL library, and thus vulnerable to this extraordinarily nasty bug? Have Alamy engineers updated OpenSSL and revoked and replaced their old TLS certificate? Should we be udating our passwords (how?) Why don't you ask MS? A very good idea - or perhaps re-post this in the Alamy suggestions forum, so that you can be certain that it will be read by a moderator, and perhaps generate a reply. Link to comment Share on other sites More sharing options...
spacecadet Posted April 9, 2014 Share Posted April 9, 2014 Although one wonders what a hacker could do to one's Alamy account. Not change financial details, Alamy stopped that a while ago. Malicious re-captioning, perhaps? Or QC sabotage with inferior images? Link to comment Share on other sites More sharing options...
wiskerke Posted April 9, 2014 Share Posted April 9, 2014 Although one wonders what a hacker could do to one's Alamy account. Not change financial details, Alamy stopped that a while ago. Malicious re-captioning, perhaps? Or QC sabotage with inferior images? Steal millions of images in hires and put them out for free? wim Link to comment Share on other sites More sharing options...
Ed Rooney Posted April 9, 2014 Share Posted April 9, 2014 Reading these articles, it's rarely clear to me if they include Macs in the attack. Link to comment Share on other sites More sharing options...
spacecadet Posted April 9, 2014 Share Posted April 9, 2014 Although one wonders what a hacker could do to one's Alamy account. Not change financial details, Alamy stopped that a while ago. Malicious re-captioning, perhaps? Or QC sabotage with inferior images? Steal millions of images in hires and put them out for free? wim Not from a contributor's login. Link to comment Share on other sites More sharing options...
Martin P Wilson Posted April 9, 2014 Share Posted April 9, 2014 Reading these articles, it's rarely clear to me if they include Macs in the attack. As it was described to me today by colleagues who are addressing it on servers they provide to host major client web sites the attack is down at the operating system and services layers on the server, it is not a client side issue. So yes, any client accusing online services (email, cloud storage, web, internet etc) where they are running Mac, Windows, Linux or anything else on their PC is advised change their passwords on online services. It is the online end that may be compromised. It is not a direct issue for me or anyone else who run web sites on third party hosts like GoDaddy or whoever. We just need our ISP to ensure they have the matter in hand and have updated their server software stack. Link to comment Share on other sites More sharing options...
wiskerke Posted April 9, 2014 Share Posted April 9, 2014 Although one wonders what a hacker could do to one's Alamy account. Not change financial details, Alamy stopped that a while ago. Malicious re-captioning, perhaps? Or QC sabotage with inferior images? Steal millions of images in hires and put them out for free? wim Not from a contributor's login. Clients log in too. And staff probably as well. Besides today's article in my newspaper De Volkskrant, explains hackers increasingly seek out the delivery entrances to a system. The article is here. However I cannot get Google Translate to display it. Nor can I find the quotes in Symantec's Annual Threats Report. wim Link to comment Share on other sites More sharing options...
Alamy Posted April 10, 2014 Share Posted April 10, 2014 Is Alamy safe? Yes - http://www.alamy.com/Blog/contributor/archive/2014/04/10/5644.aspx Link to comment Share on other sites More sharing options...
fotoDogue Posted April 11, 2014 Share Posted April 11, 2014 I just received email today from Stockimo advising users to change their passwords. Since Stockimo has been using Alamy usernames and passwords then changing your Alamy password certainly wouldn't hurt. You've probably read about something called Heartbleed that's compromised the security of many websites and resulted in most sites advising users to change their password. If you want to read more then check out this explaining OpenSSL encryption and the Heartbleed issue. Stockimo makes use of Amazon Web Services which uses OpenSSL encryption. Amazon have now updated their infrastructure to fix the Heartbleed vulnerability and, as a result, we've also done some work at our end. So, as a Stockimo user your security isn't compromised, however, we strongly recommend you change your password as a precaution. If you have any questions then drop us a line support@stockimo.com. Thanks The Stockimo Team Link to comment Share on other sites More sharing options...
Allan Bell Posted April 11, 2014 Share Posted April 11, 2014 Thank heavens I do not do Stockimo. Allan Link to comment Share on other sites More sharing options...
dustydingo Posted April 13, 2014 Share Posted April 13, 2014 oops Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.