NGminecraft, Heartbleed and You

If you haven’t heard, there’s a pretty big flaw in the encryption software that protects us on the internet. Simply put, a bug in OpenSSL meant that anybody (yes, anybody) could send a request to a server, and have the server reply with chunks of RAM that should never be accessible to the public. Even worse, those accesses never show up in logs.

It works pretty much like this:

The Heartbleed bug in a nutshell. (from XKCD http://xkcd.com/1354/ )

Mashable has a list of sites that are vulnerable, and Minecraft was one of them.

Change your Minecraft account password. Now. Seriously. Mojang even posted a notice on their blog about this flaw; it’s been patched but nobody knows what sort of account data could have been stolen.

That said, NGminecraft’s systems were never affected by this bug. I don’t have any sites that use SSL that can be accessed from the Internet, and Dynmap doesn’t even support encryption (why should it, it’s a map 🙂 ). Even if I did, I use Microsoft IIS which doesn’t rely on OpenSSL anyway.

Advertisements

A Sad Day in NGminecraft History

I regret to inform you that we have had our first griefing incident on this new map. Around 7:30 PM on January 6th, 2012, we had highly obscene and disrespectful griefing occur on a widespread basis. Blocks were set on fire with lava, and a user’s sculpture was defaced heavily and with such utter disrespect that it is sickening. Their acts break rules 1, 2, and 6, which are ‘don’t be a dick’, ‘don’t grief’ and ‘respect other people’s property’.

These users are banned from NGminecraft for eternity:

  1. EL33T_L3G4CY (Sebastian Benad), IP 70.73.57.120
  2. FoxyZiska (Franziska Benad), IP 70.73.57.120
  3. xDubbings (Harry Huang), IP 68.144.209.210
  4. ComposureMc (Jeremy Senior), IP 173.181.17.194

Continue reading