NGminecraft, Heartbleed and You

If you haven’t heard, there’s a pretty big flaw in the encryption software that protects us on the internet. Simply put, a bug in OpenSSL meant that anybody (yes, anybody) could send a request to a server, and have the server reply with chunks of RAM that should never be accessible to the public. Even worse, those accesses never show up in logs.

It works pretty much like this:

The Heartbleed bug in a nutshell. (from XKCD )

Mashable has a list of sites that are vulnerable, and Minecraft was one of them.

Change your Minecraft account password. Now. Seriously. Mojang even posted a notice on their blog about this flaw; it’s been patched but nobody knows what sort of account data could have been stolen.

That said, NGminecraft’s systems were never affected by this bug. I don’t have any sites that use SSL that can be accessed from the Internet, and Dynmap doesn’t even support encryption (why should it, it’s a map 🙂 ). Even if I did, I use Microsoft IIS which doesn’t rely on OpenSSL anyway.