Switch Theme:

GW store and Heartbleed?  [RSS] Share on facebook Share on Twitter Submit to Reddit
»
Author Message
    Subject: Advert
[Up]
Advert


Forum adverts like this one are shown to any user who is not logged in. Join us by filling out a tiny 3 field form and you will get your own, free, dakka user account which gives a good range of benefits to you:
  • No adverts like this in the forums anymore.
  • Times and dates in your local timezone.
  • Full tracking of what you have read so you can skip to your first unread post, easily see what has changed since you last logged in, and easily see what is new at a glance.
  • Email notifications for threads you want to watch closely.
  • Being a part of the oldest wargaming community on the net.
If you are already a member then feel free to login now.




[Post New] 2014/04/27 11:51:30
    Subject: GW store and Heartbleed?
[Up]
Made in gb
[DCM]
Stonecold Gimster






I'd been checking out the https: URLs which I visit regularly with an online tool I use.
Thankfully nearly all the sites I use with pwd's or sensitive information are showing up safe from the heartbleed exploit - except one. GW's store.

The checker I've used was from;
http://news.netcraft.com/archives/2014/04/08/half-a-million-widely-trusted-websites-vulnerable-to-heartbleed-bug.html

It allows you to enter a URL [a https:] to find out about the server. (Below the graph if using the link above)

I admit I'm an IT numpty these days, but the only url I entered that came back with unsafe info was GW's.

Anyone care to check;
http://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fwww.games-workshop.com&Submit=submit
and let me know if I (and others on here) should be worried.

Thanks.


Gimgamgoo

PS: Apologies if I've missed an existing thread on this, the search engine was giving "An error has occurred" today. :-(

This message was edited 1 time. Last update was at 2014/04/27 11:52:19

Currently most played: Silent Death, Mars Code Aurora, Battletech, Warcrow and Infinity. 
   
[Post New] 2014/04/29 10:07:12
    Subject: GW store and Heartbleed?
[Up]
Made in gb
[DCM]
Moustache-twirling Princeps





Gone-to-ground in the craters of Coventry

GW's site didn't seem to be unsafe when I just ran the report.
But, I didn't run the plug-in, which may have more info.
I think the 'unsafe' status you saw for GW's site was before the upgrade.
6000 pts - Harlies: 1000 pts - 4000 pts - 1000 pts - 1000 pts DS:70+S+G++MB+IPw40k86/f+D++A++/cWD64R+T(T)DM+
IG/AM force nearly-finished pieces: http://www.dakkadakka.com/gallery/images-38888-41159_Armies%20-%20Imperial%20Guard.html
"We don't stop playing because we grow old; we grow old because we stop playing." - George Bernard Shaw (probably)
Clubs around Coventry, UK https://discord.gg/6Gk7Xyh5Bf 
   
[Post New] 2014/04/29 17:19:57
    Subject: Re:GW store and Heartbleed?
[Up]
Made in gb
Jealous that Horus is Warmaster






"The site offered the Heartbeat TLS extension prior to the Heartbleed disclosure, and is still using the same certificate. "

its only getting flagged because they are using the same ssl certificate as before they patched the heartbleed vulnerability - so the site is not vulnerable now, but technically if it was hacked before they patched it, and you haven't changed your password since they patched it, a hacker could have got your password and still be able to use access your account. simple fix is to reset your password again, if you want to be sure.

although thinking about it, it all happened around the time when they moved over to the new store and all the old accounts were lost anyway, so it may be completely irrelevant anyway, but as i said, if you want to be sure, just reset your password again
 
   
 
Forum Index » Dakka Discussions
Go to: