Was unrealengine.com or its payment gateway affected by the Heartbleed http://www.zdnet.com/heartbleed-security-patches-coming-fast-and-furious-7000028216/ bug? Unrealengine.com’s ssl certicate was issued 4/9/2014, seeming to indicate that the server suffered from the vulnerability but was patched and a new cert installed. Maybe Epic should let us know?
What I don’t understand about this Heartbleed stuff is how to get information from affected sites has been released as well as a list of sites that haven’t been fixed yet. Surely it’s better to ignore what sites have and haven’t been patched until all have been fixed - Otherwise, you’re giving people who can gain access to the SSL certificate an open door saying “Free Food”.
If it has been fixed on here, great. But I’d rather not know, because if I know, then no doubt someone else who shouldn’t know will know.
You can try http://filippo.io/Heartbleed/ to see if a site is still affected, though it doesn’t always work.
This is what I mean though, it’s been leaked what the problem itself was, so anyone with a programmer brain can figure out how to use the exploit. Now all they have to do is search on that site a random site until an unsecure site comes up and bam. It’s like a free dictionary of people’s information. This is exactly what I’m saying. I’d rather play dumb.
On top of that, any site that has been affected(and part of the exploit is they have no way of knowing they were…), has its SSL keys invalidated.
So the fallout from this isn’t even over, almost every website on the planet needs to get new SSL certs issued, if they just patched the exploit but didn’t change the key, they’re still vulnerable to anyone who had already exploited it, and got their private keys.
As with a good portion of the Internet, we were susceptible to the Heartbleed exploit. We patched and tested our backend systems on Wednesday, and we are no longer vulnerable. We are still monitoring everything, and recommend that folks read reports such as How to Protect Yourself From the Heartbleed Bug.
dear crowl, could you then please talk to the security guys/team that a all user password reset should be performed.
This bug could affect the(/all) users accounts even if from EPIC side the bug is fixed, OpenSSL updated/downgraded.
Good checker here.
It was Recommended that people change their passwords from within applications such as (Trillian, Skype, MSN…Etc) instead of browsers for now, I also recommend users changing their passwords for the other sites as soon as they find the new SSL certificate issued.
@Crowl thanks for the input give us an update when everything is more stable if possible please just in case.
Thank you for responding. What payment gateway service does Epic use for unrealengine.com? Securing unrealengine.com doesn’t ensure our payment data is secure, since payments are handled by a 3rd party, no?
@Necro they said before they do not hold credit card details.
i woudnt worry too much just check your bank statements and all. im sure some info was leaked but i think sometimes with things like this it often acts like gloom and doom. a lot of times “hackers” companies etc are looking spacific infiomation if they did have access to a ton of credit careds but start using all of them. it would draw attention. Id just be careful if need be change your password you can perhaps request a new credit card number from your bank or card holder if you desire but if you havent seen any changes in your statmeents or what. i woudnt worry. :-).