SE what countermeasures are taking for the Heartbleed Bug?

Printable View

04-13-2014, 11:52 AM
AdamuKun322

SE what countermeasures are taking for the Heartbleed Bug?

My account may have been compromised by it and I have e-mailed support to fix the problem. So, what countermeasures are you taking or is anyone else having issues trying to log in with all the correct credentials and it keeps saying you're wrong?
04-13-2014, 11:56 AM
Zaft

Quote:

Originally Posted by AdamuKun322

My account may have been compromised by it and I have e-mailed support to fix the problem. So, what countermeasures are you taking or is anyone else having issues trying to log in with all the correct credentials and it keeps saying you're wrong?

Square Enix hasn't said whether or not they were effected by Heartbleed. That being said, give support a call and they'll see what's going on with your account.

Remember, the best way to secure any account is with an authenticator. You can buy one for something like $7 (free S&H), or just download the app on your phone. Even if your username/password get compromised, it's very difficult to get into an account with an authenticator.
04-13-2014, 12:04 PM
AdamuKun322

Right. I mean atm I am logged into both Forums and Lodestone under an old password and I changed it to a new one, but it still won't let me sign in. I e-mailed SE and will follow up with a call on Monday if the issue is not resolved.
04-13-2014, 12:07 PM
Ninix

Quote:

Originally Posted by AdamuKun322

Right. I mean atm I am logged into both Forums and Lodestone under an old password and I changed it to a new one, but it still won't let me sign in. I e-mailed SE and will follow up with a call on Monday if the issue is not resolved.

This has nothing to do with the Heartbleed vulnerability, which SE's management site was not affected by.

Try clearing your cookies.
04-13-2014, 01:08 PM
Limecat

They're changing the encryption to ROT13.
04-16-2014, 07:17 AM
Doki

I'd love to see an official response to this as well. While I hope it's nothing, it's always nice to be sure.
04-16-2014, 07:18 AM
Moheeheeko

Get a security key, problem solved.
04-16-2014, 08:16 AM
C-croft

lol huge security exploit found, can be used against hardware as well as many important websites such as banks, social sites, email... but nope, gotta attack FFXIV players instead.
04-16-2014, 08:25 AM
kidvideo

Well... there's this https://lastpass.com/heartbleed/?h=n...tasyxiv.com%2F

"Site: na.finalfantasyxiv.com
Server software: Apache
Was vulnerable: Possibly (known use OpenSSL, but might be using a safe version)
SSL Certificate: Possibly Unsafe (created 10 months ago at Jun 2 00:00:00 2013 GMT) Additional checks SSL certificate history checks yielded no new information
Assessment: It's not clear if it was vulnerable so wait for the company to say something publicly, if you used the same password on any other sites, update it now."

EDIT: Just found what I was looking for:
"Before you log into a sensitive service check filippo.io/Heartbleed/ to see if the site has updated to SSL 1.01g, although beware some false negatives have been reported. But if it says it’s updated it is. Then you should also check to make sure any previously vulnerable site has updated its ssl certificate which you can do at https://sslcheck.globalsign.com/ or do several of these tests at https://www.ssllabs.com/ "