Editing Talk:1353: Heartbleed

Jump to: navigation, search
Ambox notice.png Please sign your posts with ~~~~

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision Your text
Line 10: Line 10:
  
 
I'd just like to take this moment to say that even though you probably don't have anything of value stored here, Explain xkcd is good on the Heartbleed front. Not using any of the affected software because the data we handle isn't private at all probably helps with that. And yes, Mediawiki hashes your passwords before they're sent. '''[[User:Davidy22|<u>{{Color|#707|David}}<font color=#070 size=3>y</font></u><font color=#508 size=4>²²</font>]]'''[[User talk:Davidy22|<tt>[talk]</tt>]] 07:18, 9 April 2014 (UTC)
 
I'd just like to take this moment to say that even though you probably don't have anything of value stored here, Explain xkcd is good on the Heartbleed front. Not using any of the affected software because the data we handle isn't private at all probably helps with that. And yes, Mediawiki hashes your passwords before they're sent. '''[[User:Davidy22|<u>{{Color|#707|David}}<font color=#070 size=3>y</font></u><font color=#508 size=4>²²</font>]]'''[[User talk:Davidy22|<tt>[talk]</tt>]] 07:18, 9 April 2014 (UTC)
 
: Davidy22 - While your first point was correct (explainxkcd isn't vulnerable to heartbleed as explainxkcd doesn't any encryption -- everything starts being sent in plaintext over the net), your second point is wrong.  As anyone with wireshark can verify (or using your web browsers' developer tools), when you login to explainxkcd from `http://www.explainxkcd.com/wiki/index.php?title=Special:UserLogin&returnto=Main+Page`, you make a POST request to `/wiki/index.php` that contains as a POST variable your user name (in the POST variable wpName), and your password (in the POST variable wpPassword), both sent in plaintext.  Granted it probably is stored in the database hashed (hopefully with a unique salt and a good hash algorithm), it is readable by any network eavesdropper.  Not really a problem though, if you don't reuse passwords or mind if your account here was compromised.  [[User:Jimbob|Jimbob]] ([[User talk:Jimbob|talk]]) 22:38, 9 April 2014 (UTC)
 
  
 
Have the following from [http://www.openssl.org/news/secadv_20140407.txt OpenSSL Bug Report]
 
Have the following from [http://www.openssl.org/news/secadv_20140407.txt OpenSSL Bug Report]

Please note that all contributions to explain xkcd may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see explain xkcd:Copyrights for details). Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following CAPTCHA:

Cancel | Editing help (opens in new window)

Template used on this page: