There is a bug in a security package, utilized almost everywhere on the internet, that in the right conditions could allow an attacker to steal key/password information and potentially even gain access to the server. The bug has been in the wild for about 2 years and was only recently discovered, and subsequently revealed (by the "good guys") a couple days ago.
I just wanted to let you guys know what action we have taken, what the risks are, and what action YOU might want to take.
Action We Have Taken
Fixes for this bug were issued almost immediately by vendors. We updated all of our servers and software with the fixed versions right away, and have been monitoring for additional patches. All of our sites sit behind CloudFlare, who were involved in handling this issue before it even went public, so they were patched already. Our host is rock solid and has taken all necessary measures to protect themselves and their networks.
Potential Risks
In terms of our sites, things are pretty safe. We patched immediately, we are relatively "sheltered" behind CloudFlare, we have a very reliable and trusted host, and we have security standards of our own to minimize the risk of attack, including this.
The most sensitive information that could be gained from a compromise on one of our servers is your encrypted passwords. However they would be next to useless to an attacker, as they are salted and stretched using a powerful hashing algorithm.
We have no reason to believe any such attack occurred, and we are safe from any future attack related to this bug.
In terms of the greater internet, there is a risk that any information you have stored on any website could potentially have been compromised, including your passwords or financial information. This is especially so for any websites that have not yet, or do not, patch their software for this bug now that it is out in the open.
What Should I Do?
This attack affects the entire internet. Change your passwords on critical sites. Start with your email and financial accounts. Use unique passwords on each of these sites to prevent a compromise on a weaker site from allowing attackers into your accounts on stronger sites. Ask the owners of sites you use, especially small independent sites, if they have taken the necessary measures. There are some tools to help test sites, such as;
SMITEFire is the place to find the perfect build guide to take your game to the next level. Learn how to play a new god, or fine tune your favorite SMITE gods’s build and strategy.
Mowen
<Production Coordinator>
Distinguished (57)
Posts: 852
View My Blog
Attack
Kill Secure
Run
Catch
HammaSmite
Remarkable (7)
Posts: 344
View My Blog