Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Home
Gallery
Forum
Login
Register
Donations
Please Support Us!
Please help keep (=WDG=) alive
ShoutBox!
Last 100 Shouts:
mandl
January 27, 2024, 05:26:45 PM
Happy new year WDG
Berath
December 10, 2023, 05:52:39 PM
Hello Power!
Power
November 24, 2023, 09:51:34 PM
Helloes! I'm here for my annual password change! How is everyone doing?
Berath
August 03, 2023, 08:42:51 PM
WDG are going to i71. All welcome. Message for more information or ask on discord
Berath
July 27, 2023, 07:35:21 PM
The WDG discord channel is up and running. Send me a message or post for details
Berath
December 08, 2022, 04:05:12 PM
Odd. Should do. Send Mode a messsage here. He should be able to pick it up and send you an invite
sarcasmrules
December 07, 2022, 11:26:55 PM
@berath link doesn?t work
Berath
August 08, 2022, 09:32:46 PM
Who Dares Grins unites again here!
https://discord.com/channels/764441873166762026/764442075768684544
Berath
December 23, 2020, 12:34:53 PM
Spammers be gone!
Berath
September 28, 2020, 11:18:57 PM
Nice!
Zerocool09
September 28, 2020, 09:55:06 PM
I’m in 🙌
Berath
September 28, 2020, 02:59:45 PM
Yay!!!!!! Wix is in da house
Xena Warr.Godds
September 28, 2020, 02:55:44 PM
Hey Berath !! I made it !
Berath
September 25, 2020, 05:13:56 PM
Wix - we may have some new friends playing a new game finding their way here soon.....
Berath
July 01, 2020, 11:05:23 PM
Hello Terror. People still drop by here now and again
terror
June 29, 2020, 02:02:45 PM
Hi guys. I hope you are all well and keeping sane and safe during these trying times (and all that).
Just FYI that mode was looking for ways to get back in touch via reddit (r/WDG).
Berath
February 24, 2020, 09:26:46 AM
Zombie TF2? Do we need to dress up?
Power
February 19, 2020, 01:03:56 AM
I'd play zombie TF2
MrWoooMaker
February 19, 2020, 12:52:19 AM
Any appetite for a TF2 revival?
MrWoooMaker
February 19, 2020, 12:52:01 AM
Awesome
dohjan
February 19, 2020, 12:48:30 AM
Yes this thing is still on
Power
February 19, 2020, 12:47:16 AM
Hello! Is this thing still on?
Berath
December 26, 2019, 12:43:10 AM
Merry Christmas!!!
Berath
August 13, 2019, 07:35:11 PM
Sweeping and clearing out the cobwebs, keeping everything spruce
https://gph.is/2oImD0j
mandl
March 08, 2019, 11:38:14 AM
Cheers Stu / Berath was going to happen one day
Berath
March 06, 2019, 11:08:46 PM
It's officially 'not secure' according to Chrome now
Berath
March 06, 2019, 11:07:11 PM
Damn. 1&1 have upgraded their something or other but seem to have allowed for ancient forums like this to keep on
DoomWolf
March 05, 2019, 03:37:50 PM
NuB site is no more due to a forced PHP v7 upgrade on the web host that breaks SMF/TinyPortal.
Berath
January 31, 2019, 09:50:48 AM
mandl
January 22, 2019, 11:22:09 PM
nub site down
bye bye
aquila
January 01, 2019, 11:43:02 AM
Happy new year.
Who Dares... Grins!!
Karthus
December 30, 2018, 08:04:52 PM
no
mandl
December 29, 2018, 12:05:55 PM
MEssaage me
for a free steam key for faeria
mandl
December 25, 2018, 02:35:39 PM
merry xmas wdg
Berath
December 23, 2018, 11:34:33 AM
Hello Milli!
Millicent Bystander
December 21, 2018, 10:55:25 PM
Hello WDG!
Berath
December 13, 2018, 10:51:13 PM
I still pop by to give the old place a dusting and clear out
Burnalot
November 09, 2018, 03:36:17 PM
The shoutbox has actually had shouts in it recently? Impossible.
Karthus
November 08, 2018, 07:45:58 PM
:dohjan: :newkid:
Berath
November 06, 2018, 07:11:48 PM
Enjoy!
dohjan
November 05, 2018, 11:49:05 PM
Just poking about
Berath
June 02, 2018, 12:56:39 PM
Goodness me, so it does!
mandl
May 22, 2018, 03:38:35 PM
this site needs a shout in 2018
Berath
November 16, 2017, 08:08:43 PM
Spam removed. Thank you muchly Hulinut
Berath
October 15, 2017, 06:02:47 PM
Yay, been fixed!
Berath
October 14, 2017, 07:08:12 PM
I'm trying to get the mumble server up again
mandl
October 11, 2017, 06:23:26 PM
Orange Box 10 years old wow
Berath
June 18, 2017, 09:46:41 PM
Fluffy!
Teh Fluff
June 14, 2017, 03:14:35 PM
:p
Berath
May 30, 2017, 10:14:48 PM
Hmph. Spammers!
DeadlyAvenger
April 19, 2017, 08:20:44 PM
Also - hai!
DeadlyAvenger
April 19, 2017, 08:20:38 PM
Just in case no-one saw it - I posted about i61 over on the wdg-reddit!
Berath
April 17, 2017, 02:18:03 PM
Cleaning can be fun!
https://www.youtube.com/watch?v=jgSklu2yLDs
TNG
April 16, 2017, 12:28:45 PM
Don't mind me, just helping Berath clean up the dust
Berath
April 04, 2017, 09:46:13 PM
Mumble server down: I've submitted a ticket
Berath
March 13, 2017, 01:20:32 AM
It is. Sleeping
mandl
March 11, 2017, 06:24:54 PM
so quiet
Berath
December 06, 2016, 03:10:39 PM
Every day or so I drop by to empty out the logs, dust down the furniture and shake out the curtains
zaHz
November 04, 2016, 05:15:57 PM
How's tricks WDG?
Berath
November 02, 2016, 10:36:32 PM
Yay CruelCow!!
CruelCow
November 01, 2016, 08:17:40 PM
Yeah, I still check here regularly
Berath
November 01, 2016, 06:16:46 PM
Forum is back up after I did some tinkering. Did anyone notice it was down?!?
Berath
September 03, 2016, 05:48:48 PM
Thanks for offering but platformers = frustration for me. All that jumping about and getting impaled
TNG
September 03, 2016, 10:54:37 AM
Does anyone want a 75%off coupon for Feist?
Torgue
July 09, 2016, 02:56:39 PM
I knew you were behind them!
Leftism
July 08, 2016, 11:40:05 AM
What the fucking hell is all this shit?
You'll be blaming me for shit Tf2 updates next!
Berath
July 06, 2016, 11:35:09 PM
Therefore, Lefty is indeed responsible
Berath
July 06, 2016, 10:56:20 PM
Wales voted Leave
CruelCow
June 25, 2016, 05:30:56 PM
Well he *is* called Leftism
Yer man oer yonder
June 24, 2016, 07:36:47 PM
I'm going to completely unjustifiably hold Lefty to blame for the Brexit.
That is all.
r007
June 05, 2016, 01:56:52 PM
Woop woop i58 ticket bought!
Torgue
June 02, 2016, 12:01:09 AM
https://www.gog.com/news/introducing_gog_connect
Berath
May 13, 2016, 06:08:28 PM
I want that game
Karthus
May 07, 2016, 10:20:36 PM
its not optimized well just like the ps4 version
Brahms
May 07, 2016, 09:01:50 PM
why does everyone's gone rapture run like doggegg on my pc
Berath
April 13, 2016, 05:18:58 PM
Just to really bang it home. WDG sub-reddit here:
https://www.reddit.com/r/WDG/
Berath
April 06, 2016, 10:06:39 AM
Thank you
Uzz919
April 04, 2016, 04:24:56 PM
Just send you one.
Berath
April 04, 2016, 10:48:17 AM
If there are any still going, I'll have one
mandl
April 02, 2016, 11:47:32 AM
i have beta passes if anyone wants them as well
Uzz919
March 23, 2016, 12:18:40 PM
If anybody wants a tf2 competetive beta pass, i have a spare.
Berath
March 18, 2016, 12:18:46 PM
It's too expensive
DeadlyAvenger
March 15, 2016, 03:24:04 PM
Will you all go buy The Division now so I have someone to play with?
Karthus
March 11, 2016, 08:32:56 PM
FIREWATCH
Brahms
March 11, 2016, 07:56:09 PM
https://www.youtube.com/watch?v=h2dv4DWLN4o
this guy has some gr8 vidz
Brahms
March 11, 2016, 07:56:08 PM
https://www.youtube.com/watch?v=h2dv4DWLN4o
this guy has some gr8 vidz
Brahms
March 02, 2016, 06:02:38 PM
some of the stealth sections are a bit of a drag, but they're not as bad as the VIP escort missions in THE VITNESS
Torgue
March 02, 2016, 12:06:23 PM
Easy with the spoilers, guys! I'm still on the blunderbuss part.
Karthus
March 01, 2016, 09:17:32 PM
Can't believe Henry managed to use his NAVY Seal experience to defuse the bomb that was strapped to the bear in the end
Brahms
March 01, 2016, 03:38:29 PM
I just unlocked the rifle scope in firewatch, makes it much easier to pick off bears before they get into melee range
Karthus
March 01, 2016, 12:34:14 PM
FIREWATCH
Brahms
March 01, 2016, 12:13:37 PM
I can't believe GAMERS don't like the witness. It's the MOST GAMER game EVER.
Karthus
February 29, 2016, 12:08:32 PM
Its overrated. Now FIREWATCH on the other side...
Brahms
February 29, 2016, 11:21:43 AM
I got the basic ending in the witness and it was B A D
Brahms
February 22, 2016, 10:58:37 AM
I have no understanding of the environmental puzzles
Brahms
February 22, 2016, 10:58:25 AM
Every so often someone says something about "environmental puzzles" in the witness and I skip it because of spoilers
Brahms
February 15, 2016, 01:02:48 AM
press x to exercise 5th freedom
Karthus
February 14, 2016, 11:53:36 AM
My game came with an EXCLUSIVE PREORDER CODE for the Chaos Theory suit, shoulda preordered DUH
Brahms
February 14, 2016, 02:02:52 AM
i want the super stealth suit.
I go lethal on grim missions
Karthus
February 13, 2016, 12:40:44 PM
any of the optional missions are annoying.
Show last 34490
Main menu
Server rules
Forum rules
Join us
Clan members
About the clan
Server stats
WDG YouTube Channel
WDG Downloads
IRC Webchat
Links
Steam groups:
WDG community
WDG clan group
WDG Battlelog Platoon
Our allies:
[NuB] TF2 clan
Velocity Gamers Hub
Destination Gamer
GoG Links:
Wix Discord
Wix IRC channel
TF2 Links:
Official TF2 Blog
TF2 Steam Forum
The Fort 2
Calendar
April 2024
Mo
Tu
We
Th
Fr
Sa
Su
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Birthdays
Cheez (34)
,
Sk1nn3d (40)
Upcoming Events
Upcoming Birthdays:
Cheez (34)
,
Sk1nn3d (40)
Stats
Members
Total Members: 304
Latest:
vayuh
Stats
Total Posts: 126974
Total Topics: 4004
Online Today: 13
Online Ever: 340
(September 23, 2014, 12:11:24 PM)
Users Online
Users: 0
Guests: 39
Total: 39
My Community
Forum
Public
Technical
Topic: Security
Pages: [
1
]
2
« previous
next »
Print
Author
Topic: Security (Read 10156 times)
0 Members and 1 Guest are viewing this topic.
discordance
Karma: 417
Offline
Gender:
Posts: 4933
Curious
Security
«
on:
April 08, 2014, 10:43:08 PM »
For your safety and amusement, boys and girls the big one is here. The mother of all security bugs.
http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
http://arstechnica.com/security/2014/04/critical-crypto-bug-exposes-yahoo-mail-passwords-russian-roulette-style/
66% of websites and servers are affected, they each put 64kb of active memory out over their "secure" SSL connections (The 64kb is a different area of memory each time a message is sent). Passwords, certificates, encrypted data, everything must go!
Logged
discordance
Karma: 417
Offline
Gender:
Posts: 4933
Curious
Re: Security
«
Reply #1 on:
April 09, 2014, 06:29:45 PM »
You need to change passwords on any service affected, but only after they have applied the patch and revoked their old certificates.
The following relevant sites so far are confirmed compromised.
Amazon hosting
minecraft
Flickr, Archive.org, Yahoo.com (and Yahoo Mail), Imgur, OKCupid, XDA-Developers, Steam (SteamCommunity.com), Eventbrite, 500px, and Slate
Steam haven't issued a statement yet which is extremely worrying considering they have been confirmed and reported as affected.
https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt
«
Last Edit: April 09, 2014, 06:47:46 PM by discordance
»
Logged
Berath
Clan leader
Karma: 579
Offline
Gender:
Posts: 3780
Who is This Who is Coming?
Re: Security
«
Reply #2 on:
April 09, 2014, 06:50:44 PM »
So they need to tell us when they've applied the patch then.
Logged
discordance
Karma: 417
Offline
Gender:
Posts: 4933
Curious
Re: Security
«
Reply #3 on:
April 09, 2014, 07:19:54 PM »
applying the patch is useless without revoking your certificates as well, they have to do both. But yes this is the worrying thing. They've said nothing yet despite being reported as vulnerable on many tech news sites.
Logged
r007
Supporting the Brits since 2008
Clan admin
Karma: 489
Offline
Gender:
Posts: 1789
Bow before me, for I am root.
Re: Security
«
Reply #4 on:
April 10, 2014, 08:53:18 AM »
My guess is they'll just silently switch the keys. At least that's what I'll do once I get around to it.
At any rate, if someone (*cough*NSA*cough*) was actively using this before it became publically known, they're facing a huge needle and haystack problem.
«
Last Edit: April 10, 2014, 08:55:48 AM by r007
»
Logged
Ceterum censio
RFC1855
esse legendam.
discordance
Karma: 417
Offline
Gender:
Posts: 4933
Curious
Re: Security
«
Reply #5 on:
April 10, 2014, 09:42:15 AM »
Reports have come in of attacks dating back to at least last november. Fuck.
Silently changing your certs is extremely inappropiate in this case as all users need to change passwords after. Its a sign of total incompetance and no commitment to security to leave your users high and dry in this (talking bout valve but if you have users you need to tell them too r007 or at least just force a password reset). Perhaps they are being slow still but they are running out of time for handling this.
«
Last Edit: April 10, 2014, 09:44:30 AM by discordance
»
Logged
CruelCow
Unofficial Official Non-WDG WDG member
Karma: 1665
Offline
Gender:
Posts: 5922
Move along. Nobody suspicious is here.
Re: Security
«
Reply #6 on:
April 10, 2014, 11:10:16 AM »
Quote from: r007 on April 10, 2014, 08:53:18 AM
a huge needle and haystack problem.
Not really. People were able to extract private keys within hours after they heard about the bug. A state level attacker (who had potentially 2 years!) should've been able to do that on a wide scale easily.
Quote from: discordance on April 10, 2014, 09:42:15 AM
Reports have come in of attacks dating back to at least last november.
Link? Openssl doesn't log heartbeats, so it shouldn't be detectable retroactively.
«
Last Edit: April 10, 2014, 11:12:19 AM by CruelCow
»
Logged
discordance
Karma: 417
Offline
Gender:
Posts: 4933
Curious
Re: Security
«
Reply #7 on:
April 10, 2014, 01:13:08 PM »
Cant link from here. The suspect packet packet is loggable though on extreme logging settings. Security researchers had a few servers that have such packets in their logs from last november. The packet itself has a 0 length payload but a header declaring a 64kb length. This is what has been identified in some logs.
OpenSSL trusts the declared length of the packet and allocates that much memory then copies in the received payload. If the payload isnt actually the right length you get uninitialised memory. This isnt just a bounds check fail. This is the guy who wrote and then implemented the spec on heartbeat and trusted an external packet to declare a valid length. So dumb.
EDIT in round 2 dumbness they specifically disabled security features of malloc to prevent buffer overflow. Dumb dumb dumb dumb etc.
Only took 3 whole days but its finally the featured story on the guardian this afternoon. Perhaps because according to the bbc facebook and google were also affected and have been fixed and they need password changes now.
«
Last Edit: April 10, 2014, 04:35:30 PM by discordance
»
Logged
discordance
Karma: 417
Offline
Gender:
Posts: 4933
Curious
Re: Security
«
Reply #8 on:
April 10, 2014, 04:36:32 PM »
In case my last post buries it. Google and facebook are reported by the bbc as affected and you now need to reset your passwords
Logged
Banrab
Clan member
Karma: 9
Offline
Gender:
Posts: 186
Re: Security
«
Reply #9 on:
April 10, 2014, 04:42:09 PM »
What sucks is I have so many passwords for so many sites and now I'm gonna have to change them all
.
Is it really that bad or could I risk not changing them (every site has a slightly diff password)
Logged
how do i use this what's it for
discordance
Karma: 417
Offline
Gender:
Posts: 4933
Curious
Re: Security
«
Reply #10 on:
April 10, 2014, 04:51:36 PM »
Its really that bad. The attack has been known for a minimum of 5 months and has been around for 2 years. All passwords affected by this have to be assumed compromised. Get a password manager like keepass or lastpass it will help you get a grip on this mess and have stronger passwords.
EDIT: and bear in mind that the NSA were/are recording all encrypted communications... They might not be responsible for this but its a given they knew about it and recorded as much as they could. So they have server certs and passwords for basically everyone everywhere...
«
Last Edit: April 10, 2014, 06:33:18 PM by discordance
»
Logged
discordance
Karma: 417
Offline
Gender:
Posts: 4933
Curious
Re: Security
«
Reply #11 on:
April 11, 2014, 12:18:26 AM »
Oh good routers now.
http://arstechnica.com/security/2014/04/cisco-finds-13-products-so-far-vulnerable-to-heartbleed-including-phones/
Logged
Hulinut
Karma: 33
Offline
Gender:
Posts: 222
I left my shield belt in my other pants
Re: Security
«
Reply #12 on:
April 11, 2014, 09:46:12 PM »
In case anyone didn't get disco's explanation of how the bug worked, xkcd has a nice one:
http://xkcd.com/1354/
Logged
Oops — we've accidentally built a particle accelerator.
Brahms
I can't start laughing
Karma: 725
Offline
Posts: 3801
I'm Johannes Brahms and I died in 1897
Re: Security
«
Reply #13 on:
April 11, 2014, 10:07:49 PM »
http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed
Logged
Official unofficial WDG Minecraft Server:
discordance
Karma: 417
Offline
Gender:
Posts: 4933
Curious
Re: Security
«
Reply #14 on:
April 11, 2014, 11:29:52 PM »
http://arstechnica.com/security/2014/04/nsa-used-heartbleed-nearly-from-the-start-report-claims/
I was ignoring the cries of conspiracy at first. But hmmmmm. To be fair they probably have the people to do the software verification than OpenSSL couldn't be bothered to do. But still, right from the start? Getting a bit suspicious.
Logged
Pages: [
1
]
2
Print
My Community
Forum
Public
Technical
Topic: Security
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Public
-----------------------------
=> General Discussion
-----------------------------
Gaming
-----------------------------
=> Team Fortress 2
=> Other games
=> Challenge us
-----------------------------
Public
-----------------------------
=> Introduce yourself
-----------------------------
WDG information
-----------------------------
=> Clan Trial Members
=> Joining the clan
=> Clan Trial Results
=> Forum & Server rules
-----------------------------
Public
-----------------------------
=> Technical
-----------------------------
Gaming
-----------------------------
=> Left 4 Dead
-----------------------------
Public
-----------------------------
=> Pets Corner
=> Gone but not forgotten
-----------------------------
Gaming
-----------------------------
===> Maps/Skins/Mods/GUI's
===> WDG KOTH CUP
-----------------------------
WDG information
-----------------------------
=> Server bans
-----------------------------
Gaming
-----------------------------
=> Game Suggestions
=> Archived Games
=> Minecraft
=> Battlefield Series
=> League of Legends
=> Planetside 2
=> Guns of Glory
-----------------------------
Wix Things
-----------------------------
=> Announcements
=> Information and Strategies
=> General Wix Discussion
=> Alliance rules
=> Suggestion Box
=> Nominations, ranking and elections
Who Dares... Grins UK TF2 Clan
Loading...