NGminecraft, Heartbleed and You

If you haven’t heard, there’s a pretty big flaw in the encryption software that protects us on the internet. Simply put, a bug in OpenSSL meant that anybody (yes, anybody) could send a request to a server, and have the server reply with chunks of RAM that should never be accessible to the public. Even worse, those accesses never show up in logs.

It works pretty much like this:

The Heartbleed bug in a nutshell. (from XKCD http://xkcd.com/1354/ )

Mashable has a list of sites that are vulnerable, and Minecraft was one of them.

Change your Minecraft account password. Now. Seriously. Mojang even posted a notice on their blog about this flaw; it’s been patched but nobody knows what sort of account data could have been stolen.

That said, NGminecraft’s systems were never affected by this bug. I don’t have any sites that use SSL that can be accessed from the Internet, and Dynmap doesn’t even support encryption (why should it, it’s a map 🙂 ). Even if I did, I use Microsoft IIS which doesn’t rely on OpenSSL anyway.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s