VoyForums - Free messageboard services

[Home]

[Contribute]

[Create your own Forum]

[Categories]

[Owner Login]

[Search]

[Exchange]

[Help]

[FAQ]

GIVE FREE FOOD
www.TheHungerSite.com
-> Click Here <-
Fund Free Mammograms with a Click
www.TheBreastCancerSite.com
-> Click Here <-
Non-profit ad served by VoyForums...


VoyForums News and Updates

  • Thursday, April 10, 2014: Announcement of "heartbleed" vulnerability in OpenSSL
    • An announcement was made on April 7th of a vulnerability in the open-source "Secure Sockets Layer" software, OpenSSL. This software is used by us at Voyager, as well on servers around the world, including Yahoo!, Imgur, and Google. Google points out that, "Search, Gmail, YouTube, Wallet, Play, Apps and App Engine were affected."
    • VoyForums software has been updated with the security fixes, and we recommend you change your password(s).
    • About the vulnerability:
    • The bug allowed those who could exploit it to get a random chunk of memory from the server (whatever data happened to be in that chunk of memory). They could repeatedly do this, apparently, gaining access to various random chunks of memory, but they could not actually choose which memory they received. On VoyForums, this could have include usernames, passwords, IP addresses, or email addresses (if transferred in either direction). This also includes information your browser sends "behind the scenes" between itself and the websites you visit (in cookies, and the "HTTP header"). Thankfully, we removed our pay services almost completely several years ago, and also entirely stopped accepting credit cards several months ago (before the vulnerabilty became publicly known). Nevertheless, the bug has existed since December 31st, 2011 (see the last note in this news announcement).
    • Please keep in mind, stored data on our server is not available through this bug, only information being accessed by the webserver software itself. Our software runs separately from the webserver, so only data passed through the web server or accessed by it, itself, was prone to exposure (this includes the possibility that a webserver's private SSL (https) key is exposed). We have updated our server software as well as established new keys in our secure servers.
    • While the vulnerability was announced on April 7th, 2014, it has existed in the OpenSSL software since December 31st, 2011. It is possible that systems around the world were succeptible to data leakage for this time if any groups discovered the bug. It is worthwhile to note that many if not most large financial institutions do not use OpenSSL, but as mentioned above, even Google Wallet was apparently affected in some way. Please see GitHub's list of the top 1000 sites to see if a site you use is affected, Wikipedia's page on the Heartbleed bug for an overview, and some responses from various sites about their affected systems. Of course, please also do a web search for "heartbleed" if you wish to read more about the bug.
  • Sunday, April 6, 2014: VoyForums delays expanding/opening members system
    • We have been working on our member system to allow open access for all visitors, but we are delaying this into next week in order to address security features due to the recent spam attacks on our system.
  • [ Older news: VoyForums News Archive ]

Future updates to this page will be found at the VoyForums News Page.


VoyForums(tm) is a Free Service from Voyager Info-Systems.
Copyright © 1998-2016 Voyager Info-Systems. All Rights Reserved.