OpenSSL Heartbeat bug.

Discussion in 'Discussions' started by OmniaNigrum, Apr 8, 2014.

  1. OmniaNigrum

    OmniaNigrum Member

    Wake everyone you know up. This is a fuck it all and update the hell out of it moment. Many sites are using OpenSSL versions that are vulnerable to a serious bug that will absolutely ruin your day. Read more here:
    http://www.reddit.com/r/programming/comments/22ghj1/the_heartbleed_bug/

    Gaslamp Games does not seem vulnerable though, or already fixed this. Well done!

    Everything else should be treated as suspect though.
     
  2. Daynab

    Daynab Community Moderator Staff Member

  3. OmniaNigrum

    OmniaNigrum Member

  4. Loerwyn

    Loerwyn Member

    Apparently in some countries checking yourself is illegal. So... y'know.

    What I like about this bug and the implications is that I don't think I've seen a single thing that applies to the standard user. Everyone's like "omg apocalypse!" and doomsaying and talking about these huge problems, but no one has taken two seconds to explain it to your average user and say what they can or can't do to avoid it.

    And from what I can tell, you can't do shit.
     
  5. Nettle Soup

    Nettle Soup Member

    The website somebody set up, http://heartbleed.com/, isn't terrible. Apparently it's not known to have been actually used before they discovered and announced it. Change your older passwords if you're worried, and just keep an eye on things for a while, seems to be the main advice.

    I recommend KeePass :D I haven't actually looked at a password in almost a year now.
     
  6. Alistaire

    Alistaire Member

    Getting information via heartbeat depends on recent updates in server processes (recent updates in server RAM or data storage). To my mind, if there's something you shouldn't do it's causing updates to your accounts.
     
  7. Daynab

    Daynab Community Moderator Staff Member

    That's mostly because it's the servers' responsibilities to change it, not something that the end-user can fix themselves.
     
  8. Loerwyn

    Loerwyn Member

    Which is something I think needs to be stated more often and more clearly, because I can imagine it's stressing some people out.
     
  9. OmniaNigrum

    OmniaNigrum Member

    What a nightmare. Good luck even figuring out if your router's OpenVPN client/server uses a vulnerable OpenSSL compile...