For some strange reason, despite being a big deal in internet security, the Heartbleed hole hasn’t been getting much attention. You may not even know about it. But you should, because it also affected your gaming portals.
Most of us feel safe on the internet – we buy things and store all sorts of data online. The more internet savvy among you probably know to look for that https:// at the start of secure sites. This is all thanks to two technologies, Secure Sockets Layer (SSL) and Transport Layer Security (TLS). They’re the thing that deals with the exchange of cryptographic keys so that your browser and a server know who you are. Unfortunately, there was a problem in the coding that meant malicious people could abuse version of OpenSSL to grab private data should should have been secured by SSL/TLS. It goes beyond sneaking a peek at your login details or even credit card number:
But that’s small time spoils compared to the real danger. Attackers will also get a look at how the site that’s taking your data identifies itself. And once that half of the handshake is out in the wild, all bets are off. Not only could ne’er-do-wells use their new-found key to fool people into thinking they are a fine upstanding place of business with a good ol’ man-in-the-middle attack, they can also look back into transactions that already happened. And since they’re getting in with the master key instead of breaking through a window, these sort of attacks leave no trace.
Here is a long list of all the sites known to have used the hackable package. No, Google, Amazon, and Facebook were fine. However, Steam and RedTube made the list of vulnerable sites. Those vulnerabilities have since been fixed, but you may want to think about changing your Steam Password and resetting your Steam Guard. Sure, it’s a massive inconvenience, but it might pay off down the line.
It appears that PlayStation and Microsoft’s hacking issues in recent years meant that they closed all sorts of loopholes, but you may want to also think about changing those passwords as well. In actual fact, this might be a good moment to evaluate when last you changed passwords – have you been using the same login credentials for all sites since The Last Guardian was announced? It might be time to evaluate your internet security.
Last Updated: April 11, 2014
Norm the Horrible
April 11, 2014 at 11:35
“ave you been using the same login credentials for all sites since The Last Guardians was announced?”
April 11, 2014 at 11:36
I’ll change my password when TLG comes out. So I guess I’ll be changing it some time this year