Was Crunchyroll affected by the Heartbleed bug?
12230 cr points
Send Message: Send PM GB Post
M / Canada
Offline
Posted 4/17/14
Just wondering, haven't seen any forum topics/search results on the matter. Has Crunchyroll taken the steps necessary to protect their customers personal data?
One Punch Mod
85975 cr points
Send Message: Send PM GB Post
F / Boston-ish
Offline
Posted 4/17/14

ceiryus wrote:

Just wondering, haven't seen any forum topics/search results on the matter. Has Crunchyroll taken the steps necessary to protect their customers personal data?


http://www.crunchyroll.com/forumtopic-845787/admins-heartbleed-vulnerability#46241423

We're good.
Posted 4/17/14 , edited 4/17/14
Nothing but bleeding hearts around here.
20813 cr points
Send Message: Send PM GB Post
21 / M / California
Offline
Posted 4/17/14 , edited 4/17/14

Yay!


Nothing but bleeding hearts around here.


Yay?

81337 cr points
Send Message: Send PM GB Post
25 / M / Inside Lorreen's...
Offline
Posted 4/17/14

dumpthosebodies wrote:

Nothing but bleeding hearts around here.


21016 cr points
Send Message: Send PM GB Post
32
Offline
Posted 4/18/14
What is "Heartbleed bug"?
29118 cr points
Send Message: Send PM GB Post
83 / F / Bite the pillow.
Offline
Posted 4/18/14 , edited 4/18/14

Thfelese wrote:

What is "Heartbleed bug"?


Here's a bit of information on it:

- Mashable Explains: What Is the Heartbleed Encryption Bug? (2-minute video)
- http://mashable.com/2014/04/11/mashable-explains-heartbleed-2/

- Heartbleed
- http://en.wikipedia.org/wiki/Heartbleed

Heartbleed is a security bug in the open-source OpenSSL cryptography library, widely used to implement the Internet's Transport Layer Security (TLS) protocol.

This vulnerability results from a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension, the heartbeat being why the vulnerability got its name. A fixed version of OpenSSL was released on April 7, 2014, at the same time as Heartbleed was publicly disclosed.

At that time, some 17 percent (around half a million) of the Internet's secure web servers certified by trusted authorities were believed to be vulnerable to the attack, allowing theft of the servers' private keys and users' session cookies and passwords.


Here's a basic visual representation of how the Heartbleed bug can be used to exploit an unpatched server:



Basically, you can trick an unpatched server into dumping a portion of its memory thereby potentially giving you passwords, login IDs, credit card numbers, etc... Here's the Heartbleed homepage for the bug itself with further explanation | http://heartbleed.com/
Sailor Candy Moderator
200577 cr points
Send Message: Send PM GB Post
28
Offline
Posted 12/28/15
"Year-end cleanup. Closing threads with no activity since 2014."
You must be logged in to post.