What is KVR Audio? | Submit News | Advertise | Developer Account

Options (Affects News & Product results only):

OS:
Format:
Include:
Quick Search KVR

"Quick Search" KVR Audio's Product Database, News Items, Developer Listings, Forum Topics and videos here. For advanced Product Database searching please use the full product search. For the forum you can use the phpBB forum search.

To utilize the power of Google you can use the integrated Google Site Search.

Products 0

Developers 0

News 0

Forum 0

Videos 0

Search  

Change your passwords.. NOW

If it's not about music it belongs here! Please keep it civil and decent.... except - see below->

Moderator: Moderators (Main)

User avatar
KVRAF
 
3228 posts since 20 Sep, 2005

Postby codec_spurt; Sat Apr 12, 2014 4:31 pm Re: Change your passwords.. NOW

So maybe you got caught up in a dump.

But what do you think the chances are of them targeting you?

Not much.

You are safe.

Even if they got your credentials in a grab bag, they would have to be really determined to make something of it.

You are safe.

But this is a massive security breach for sure. It's like Black Tuesday, or was that Monday. Whatever. There will be a lot of people hurt by this. But it won't be you.

Give it a day or two more before you change your password. Don't worry about it.


If your banking details are stolen, it is too late now. You will learn about this in the next few days. Changing your password won't do much good.

You are safe.

Don't worry.
--------------------------------------------
"One never loves enough" - R.D. Laing
--------------------------------------------
User avatar
KVRAF
 
6445 posts since 13 Mar, 2009, from UK
  

Postby seismic1; Sat Apr 12, 2014 4:47 pm Re: Change your passwords.. NOW

I have checked out 30 sites which I deal with. Approx. 10 were never vulnerable. Of the remaining 20, only 3 appeared to acknowledge the existence of the threat via announcements on their site or via an automated password reset.
User avatar
KVRAF
 
2453 posts since 18 Jul, 2008, from New York
  

Postby Frantz; Sat Apr 12, 2014 5:12 pm Re: Change your passwords.. NOW

SODDI wrote:I just checked steinberg.net and native-instruments.com - both are vulnerable.

Is there a thread on these forums where developers are reporting? Or is it up to us to check them ourselves?


Neither site is vulnerable according to SSL Labs. I don't think there is an issue.

For example: https://www.ssllabs.com/ssltest/analyze.html?d=steinberg.net
Fragile Gods: SoundCloud | Facebook
User avatar
KVRAF
 
5561 posts since 8 May, 2008, from ssssskipping ......... I left you there

Postby standalone; Sun Apr 13, 2014 1:18 am Re: Change your passwords.. NOW

SODDI wrote:I just checked steinberg.net and native-instruments.com - both are vulnerable.

Is there a thread on these forums where developers are reporting? Or is it up to us to check them ourselves?


If you used the LastPass test, they only say 'we don't know'. Having a two years old key is not bad if they are not using a vulnerable version.
"An Arrogant Instigator"
User avatar
KVRAF
 
6445 posts since 13 Mar, 2009, from UK
  

Postby seismic1; Sun Apr 13, 2014 7:42 am Re: Change your passwords.. NOW

standalone wrote:If you used the LastPass test, they only say 'we don't know'. Having a two years old key is not bad if they are not using a vulnerable version.


Correct, but only if that key was not used whilst a vulnerable version was installed, and the critical path was activated.
User avatar
KVRAF
 
5561 posts since 8 May, 2008, from ssssskipping ......... I left you there

Postby standalone; Sun Apr 13, 2014 7:53 am Re: Change your passwords.. NOW

Oh yes, I should have written "if they have not been using a vulnerable version", that is what I meant.
Last edited by standalone on Sun Apr 13, 2014 1:07 pm, edited 1 time in total.
"An Arrogant Instigator"
User avatar
KVRAF
 
8958 posts since 7 Dec, 2004, from Vancouver, Canada
 

Postby aciddose; Sun Apr 13, 2014 11:17 am Re: Change your passwords.. NOW

It has been proven that private/master keys are vulnerable. Chew on that.

Image
User avatar
KVRAF
 
6445 posts since 13 Mar, 2009, from UK
  

Postby seismic1; Sun Apr 13, 2014 12:50 pm Re: Change your passwords.. NOW

SoundCloud just logged me out and asked me to change password. For the second time in 3 days. Fortunately, I am reasonably inventive.
User avatar
KVRAF
 
8958 posts since 7 Dec, 2004, from Vancouver, Canada
 

Postby aciddose; Sun Apr 13, 2014 1:19 pm Re: Change your passwords.. NOW

The best course of action actually is to stop communication with any insecure server. That means any sort of communication at all.

You definitely don't want to be transmitting anything secure across SSL at this point, at all. That means zero, absolutely zero.

The theory now is that this extends to all SSL keys issued before all systems are patched, so the complete SSL system is dead at this point. A possible solution is to update clients and server to accept only keys issued after a certain date, but this date hasn't passed yet. That won't be possible until there is reasonable certainty that all clients and servers carrying any of these keys are patched and secure.

Give it a little more time and it'll get worse though, I promise. For now just make like it's 1993 again.
User avatar
KVRAF
 
2453 posts since 18 Jul, 2008, from New York
  

Postby Frantz; Sun Apr 13, 2014 7:28 pm Re: Change your passwords.. NOW

seismic1 wrote:SoundCloud just logged me out and asked me to change password. For the second time in 3 days. Fortunately, I am reasonably inventive.


Image
Fragile Gods: SoundCloud | Facebook
umd
KVRian
 
1071 posts since 26 Feb, 2006, from Fartland

Postby umd; Sun Apr 13, 2014 8:20 pm Re: Change your passwords.. NOW

I have nothing worthwhile to be stolen that requires a password I can remember of :shrug: But then again, I have nothing worthwhile to be stolen anyway.
Free midi plugins and other stuff:
http://jstuff.wordpress.com/
User avatar
KVRAF
 
8958 posts since 7 Dec, 2004, from Vancouver, Canada
 

Postby aciddose; Mon Apr 14, 2014 11:50 am Re: Change your passwords.. NOW

Exactly, 1993.

Unfortunately not everyone using the internet has such a luxury. Universities, corporations and individual contractors regularly use services that may be vulnerable to transmit confidential and secret information. Data centers regularly transmit large caches of data between themselves when they make up a distributed network.

This by itself doesn't matter, especially if additional layers of encryption are used. (They'd better be?)

What matters is the tiny chance that some critical piece of data may have ended up in a block of memory accessible to an attacker which then could lead to man-in-the-middle attacks and complete access to systems. The really difficult thing is not whether this has happened, but just trying to identify if it could have happened and how, and to patch those holes. This is an incredible task that needs to be undertaken.

Like I've said, this really doesn't affect individual people using the internet for ordinary day to day tasks like looking up junk on youtube or sending emails or facebook or ordering from websites. That is all reasonably secure, and the odds you'll be targeted when there are millions of vulnerable people with the same or more personal data available for identity theft or so on is low.

This is a major catastrophe for large corporations and governments.
User avatar
KVRAF
 
4494 posts since 28 May, 2005, from Netherlands

Postby Nielzie; Mon Apr 14, 2014 12:06 pm Re: Change your passwords.. NOW

After reading some more into this matter, I've decided to change passwords of my Outlook account (which is directly connected to my Windows 8 login account) and my Gmail account (which is directly connected to my Android Play Store account), just to be sure...
KVRAF
 
3696 posts since 19 Jan, 2008

Postby tapper mike; Mon Apr 14, 2014 3:51 pm Re: Change your passwords.. NOW

Out of boredom I've created a password generator
http://tappermike.com/Dad/passgen2.htm

And then I created an executable version of it for windows users
http://tappermike.com/Dad/passgen.zip
KVRian
 
1461 posts since 24 Dec, 2005

Postby t3toooo; Mon Apr 14, 2014 4:38 pm Re: Change your passwords.. NOW

After thinking a couple of days about this subject i get the impression,yet another drama.

I's always suspicious to talk about a topic but to not exactly know how it is working,i learned to forget those hypes pretty fast.
The heartbleed explanation,how it works,is not new anyway.

One of those internet fnords are spams for example.
Why isn't it possible to automatically block an e-mail by a title or words and not only by the sender address,maybe with a payed upgrade?
i haven't found any information about it but this solution would be amazing simple to stop loads of spam.
It seems there is no broader interest at all to reduce the spam amount.

Regarding the heartbleed.
One solution would be some kind of location confirmation,i had this once with yahoo,Something like a TAN (transaction number)
Confirmed by a handy,by demand if you change location.

Anyway,again those tasks are not done by jobless hobby crackers,that is government level.


Maybe another "excuse" to easily broadly sniffle e-mail accounts and "make the public aware" one way or another.
At least you were warned,LOL
PreviousNext

Moderator: Moderators (Main)

Return to Off Topic