Heartbleed :: Posted 22 hours and 58 minutes ago

Apologies for the delay on posting this, I've been fairly busy lately.

As most of you are probably well aware, a critical security flaw in OpenSSL, CVE-2014-0160, known as Heartbleed, has been all over the media over the last week. I won't go into the details of the vulnerability here as most of you are probably aware of the implications of this already. If you're interested in finding out more, please visit http://heartbleed.com/


Some users have been questioning TehConnection's stance on this and what we intend to do about it, so I'll clear all that up now. Prior to April 1st 2014, TehConnection was running OpenSSL 0.9.8o, a version of OpenSSL unaffected by this vulnerability. On April 1st we updated our frontend servers to OpenSSL 1.0.1f, a version that was vulnerable. On April 7th we were made aware of this vulnerability, and upgraded to a version of OpenSSL which was not vulnerable.

This leaves TehConnection's total exposure to this vulnerability at around 6 days. When the vulnerability was disclosed to the public on April 7th, we patched within 2 hours.

What have we done about it? Other than patch our OpenSSL to no longer be vulnerable - we've not done anything. We're internally discussing re-issuing our SSL certificates, as there is technically a chance our private keys could have been compromised; however, at the moment we do not feel that this is a threat to the integrity of the site's security.

If you want to take extra precautions yourself, change your site password and re-generate your torrent passkey. If you logged into the site between April 1st and 7th then there's a small chance your plaintext password could have been compromised.

Our official stance here at TehConnection is that we aren't worried about the future implications of this exploit and do not intend to take any further action other than what has been discussed above. Due to our extremely minimal exposure time and quick patching of the vulnerability once it had gone live, we do not feel the need to take any further precautions.

If you've got any questions, please post them in this thread or contact us via Staff PM. I'll do my best to answer all questions to the best of my ability.