Awesome. Just logged in on 3 different sites with my Steam account.
Comment has been collapsed.
Listening to Madeon-Technicolor while reading these comments makes the whole ordeal seem really awesome, like something straight out of a fast-paced thriller.
Comment has been collapsed.
no one asked you...he made a grammar mistake jerk, btw ALL sites using OpenSSL are affected.
Comment has been collapsed.
are you really such a jerk? please get a brain first before entering a conversation.
NO BIG company that is using SSL "forgets" to update....this includes mail providers, maybe your bank account etc...
Comment has been collapsed.
i dont care what you saw, you fail hard...LOTS of sites are using OPENSSL, just because you dont doesnt mean others do it aswell.
your sites are also not even worth to discuss
Comment has been collapsed.
Not even worth to discuss... Because you know you're wrong. :D
Comment has been collapsed.
Hey, jackass, first off, the mistake was never a grammar mistake. MacAssix messed up the domain extension; no grammar mistakes to be found. How you got to "grammar mistake" baffles me. Seriously, please, tell me how you got the idea of mentioning "grammar mistakes".
Second, I've worked for all kinds of IT-based companies in the past, including ones as "big and professional" as mail (service) providers, ISPs, and banks. All of them have wildly varying degrees of staying up to date on their software. Not every possible software update for every type of software is seen as a mandatory one in corporations, partly because of the scope of many updates' influence on inter-connected systems and the fact that almost every update requires a set plan as part of a complicated roll-out / project. Updating your Firefox to the latest version on your home PC is nothing like updating a piece of software across 1000+ PCs that are part of a network and making sure everything keeps working properly, and that's not even considering the headache of dealing with live / production systems versus user systems. Also, many updates are simply overlooked or forgotten. In other words, a company not updating their SSL is entirely plausible and very well possible.
Third, everything wuddih has said was entirely fact-based, logically sound, and entirely not offensively worded, attacking anyone, or meant disrespectfully. So why in the hell are you acting like such a fucking jerk to him/her for correcting MacAssix, with something pretty important to begin with - making sure you visit the proper domain so you don't get phished? There is literally no reason for you to "defend" MacAssix like this. And not only did your first replies to him make little sense in their incredible level of idiocy and anger, you went absolutely full retard in your reply to
"incorrect, any website using 1.0.1 version until subrelease f. other versions are not affected. if someone simply forgot to update to 1.0.1 he was never affected."
How does it even make sense, when wuddih is literally saying nothing other than simple facts about the security bug, to begin your reply with "are you really such a jerk? please get a brain first before entering a conversation"? And shit like "i dont care what you saw, you fail hard...LOTS of sites are using OPENSSL, just because you dont doesnt mean others do it aswell. your sites are also not even worth to discuss"? Seriously? By your own logic in that statement, indeed, not everyone doesn't use SSL, but by saying that you're also saying that not everyone does. You're confirming wuddih's logic with your own angry attempt at acting like an asshole.. And to then end with "your sites are also not even worth to discuss"? Really now? So, tell me, what are wuddih's sites? Of course you wouldn't be so mind numbingly stupid as to (pointlessly) insult something that is entirely unknown to you, especially when it has no bearing whatsoever on what's being discussed, right? Right?
Pretty funny stuff, but also quite frustrating and a little depressing to think there's people with as little intelligence and critical thinking skills as you on the 'net / alive today.
Comment has been collapsed.
Nah but for real, I felt I had to spit it out, the guy was frustrating me so I quickly typed that up, to vent a little, maybe laugh at the idiocy a little, maybe just to hopefully shut him up, but definitely to show wuddih some support, and that there's at least some people who see what they're saying, and how obtuse their unfortunate discussion partner is.
Comment has been collapsed.
oh i did read but we are living in different timezones and therefore you gotta wait for the reply ;)
Comment has been collapsed.
It would seem to me that someone made the mistake of jumping to the conclusion that he was "either trolling or advertising a completely unfinished website".
My common sense told me, "He likely meant .info" and the two seconds it took me to go to their Twitter confirmed that.
Comment has been collapsed.
you werent even able to scroll down to all reference links to read through. no, you kept asking...
Comment has been collapsed.
What does editing have to do with anything? Are you trying to call me a nerd because I thought it through rather than making a stupid assumption?
You made a stupid post, people called you on it and rather than admitting to it, you're continuing to dig a hole.
Comment has been collapsed.
That + Don't pay too much attention to such...
I personally am grateful for the correction and think that making the OP notice it and edit his original post was also important enough.
Mind not some people who think that anonymity gives them the power of gods and ultimate judgement
Comment has been collapsed.
I know eh? Why would someone just blatantly accuse someone of trolling for no reason, that's quite offensive. Are you starting to see what I'm getting at here? You jumped on him and are now throwing a hissy fit when it happened to you.
Not that it matters, but simply visiting a website would not do squat if we're referring to this exploit.
Comment has been collapsed.
You have been pretty much the most aggressive and offensive person in this thread. You know that there's a reason why so many people are arguing with you. Maybe it has something to do with you throwing out ad hominems every chance you get.
Comment has been collapsed.
.. Um, what? He made a good point using words that while slightly harsh, weren't at all direct insults, attacks, or otherwise directly offensive, then got harassed and attacked by others like he'd been swearing at people like a sailor. Furthermore, in his responses to this barrage of insults and nonsense replies, he was civil, and worded himself very simply and politely. The people replying to him just kept getting worse and worse in their idiocy and aggressiveness... I don't know what thread you're reading.
Comment has been collapsed.
We will have to agree to disagree. I believe that calling someone a troll is a direct insult. Same with calling someone a nerd. And, unrelated, but I can't believe you can't see how arrogant this post makes him sound.
I will agree with dohlicious is far worse, however.
Comment has been collapsed.
oh my .....please stop and just leave. you know nothing about any person here but you keep on saying that the average user here is a nerd/dummy that has no idea whats going on.
Comment has been collapsed.
Well you know nothing of him yet you called him jerk.
Comment has been collapsed.
... Again more idiocy. Look, let me explain something very important to you, for life in general. When someone says something, they have a specific intent behind their words. The words they choose and use can mean something entirely different in their mind, than it does in yours. Can you wrap your head around that concept? It requires empathy and actually taking the time to try and see things from a different perspective to your own little brains'. I know, it's a biggy, huh? Try thinking about it for a few days, maybe the realisation will come to you.
To spell it out for you (as I suspect you'll need the concept explained verbosely using this current example) - wuddih explained, twice already, that "nerd" is not being used as an insult by them, but rather a compliment, and still you seem to equate wuddih's intended meaning of the word "nerd" to "dummy". No, wuddih was not saying "nerd SLASH dummy", wuddih was saying "nerd" as in; "somewhat more experienced PC users than the average Joe". By the way, that was a quote from them; they already told you exactly what they meant by "nerd", yet your tiny little mind still has trouble grasping it, it seems.
I hope my post has elucidated the concept of meaning for you. Are we now on the same page? God it feels like I'm talking to an angrier version of Ralph Wiggum.
Comment has been collapsed.
You sure he's not just trying to cover himself by making the excuse that he's calling himself a nerd too? I have never heard nerd being used as a compliment and at least in the US, it still carries that negative stigma associated with awkwardness, no social skills, etc.
sigh There are so many idiots on the forums these days.
Comment has been collapsed.
By the way, idiot is not an insult - it's a compliment!
This is essentially what wuddih is doing here.
Comment has been collapsed.
I've been in IT related communities for 16+ years on- and offline, and have seen and heard both "nerd" and "geek" used in both positive and negative ways. Usually the distinction is that one means what you just said; a socially awkward, pimply doofus - while the other means something along the lines of what wuddih said; someone who's interested in "techy" stuff, is intelligent, (self)educated, and knowledgeable. The only problem I've seen arise from the two words is that it seems some communities / individuals use "geek" as the positive word, and "nerd" as the negative one (usually the case), but I've seen it the other way 'round loads and loads of times, too. Heck, maybe the original meaning was indeed negative, while "geek" was used in a positive sense (this is how I remember it being way back when), and someone, somewhere once messed it up and switched them 'round, and the mistake spread to the point where lots of people were using the terms "incorrectly", but in the end, that kinda makes it a moot point when - again - I've seen both "nerd" as well as "geek" used to denote something positive.
Also, the truth of his meaning can be seen quite simply from his original post using the word.
"yeah, OP edited it to the correct domain, but I guess you can imagine the average user and not the bunch of nerds being active on the forums here, right?"
He's juxtaposing the group "average users" against the group "nerds", suggesting that average users might make the mistake of going to a potential phishing website due to OP's original (now fixed) mistake, while nerds (being clever and knowledgeable enough to avoid such a mistake) would not. Being someone who himself noticed the mistake, he would fall into the "nerd" group, by his own logic. It's quite obvious for anyone with an ounce of common sense and grasp of semantics that his later post where he elaborates on his intended meaning when using the word "nerd" was truthful, and not a cop-out / weak excuse; he doesn't mean it offensively - unless you're suggesting he's insulting himself, too.
Comment has been collapsed.
Self degradation does exist in this world. Anyways, see reply from both me and Yeliana below.
Comment has been collapsed.
You're an idiot. That's a compliment, not an insult ^^
Seriously though, there are so many people here arguing with you. Perhaps you should ask yourself why that is?
Comment has been collapsed.
It really was not meant as an insult. Although, not a compliment either. Just pointing out what wuddih is essentially doing.
Comment has been collapsed.
okay I can see that but wuddih's use of nerd being a compliment seems more valid than your example. Even in America nerd can be seen as a compliment unless you hang out with "popular" people who think they have dominion over a words negative meaning because they say so
Comment has been collapsed.
I don't understand what part of "intended meaning" you don't understand. You're not the one who used the word "nerd", wuddih is. As such, all that matters is what they meant by it. If an arab visits my country of the Netherlands and says "k's" (basically like "kus" but a real short middle sound), we'll all think he's saying the word "kus", which means "kiss" in dutch, but in arabic its' a derogatory term for a vagina - as in, for example, "k's om'k" ("your moms' pussy", a typical arabic insult). Similar deal, here.
In fact, as the entire topic of this thread was concerning something tech-related, and it's a thread on a gaming related website (also in the realm of "techy stuff"), it's a bit senseless to say "..for some people.." as the intended recipient of the use of the word "nerd" wasn't just any random sampling of people, but specifically people visiting a site / forum / thread like this - in other words, in large part people that will likely not misinterpret wuddih's (again) intended meaning. I sure as hell knew he didn't mean it as an insult but rather a token of kinship and potentially even a compliment, even as I read his first usage of the word in the thread. Like I already said to jatan11t, in my 16+ years on the net, I've seen both "geek" and "nerd" be used as terms of endearment, kinship, comradery, or simply complementary in nature. "Maybe it had a positive meaning.." has nothing to do with what I said to jatan11t. I never said it used to mean one thing then changed, I said I'd seen it mean both a negative and a positive thing in all kinds of places, on- and offline; I never said anything about that being something from the distant past.
".. to me personally..", "..at least not where I live", "based on my experience".. All irrelevant. Someone else said something, not you. They use words in their way, with their intended meaning, which wuddih explained perfectly well in now two posts, including a new one just posted right after my earlier posts; right at the end of this comment chain. It proves my analysis of his usage in my reply to jatan11t correct (although it already was proven to be correct by looking at the way wuddih worded him/herself in his/her first post using "nerd").
Again - what part of "intended meaning" can't you understand? For real?
Comment has been collapsed.
If I go to a country, insult someone without intending to do so, and they point it out, I will apologize to them. I will not say "I meant it as a compliment, deal with it," as wuddih is doing. Simple as that.
It seems to me that this is just common courtesy to do so.
Comment has been collapsed.
I am a recent alum of both the undergrad and graduate schools of Caltech, which Big Bang Theory is a parody of. Let me state for the record that I doubt a large majority of people there would consider nerd to be a compliment. This is certainly the case among all of my friends there.
You may not have seen the offense before you posted, but you can clearly see multiple people here who believe nerd to be an insult.
Comment has been collapsed.
Oops, my apologies. I jumped to conclusions after you said "nice nice." You probably don't know this, but that's actually a way of mocking a specific person on steamgifts :P
That toilet contest happened after my graduation. I haven't been keeping up with things too much.
Comment has been collapsed.
get a hold of your tinfoil hats boys and girls, and gather around the camp fire!
Comment has been collapsed.
Any credible links from reliable sources, or is a Steamdb knock-off as good as it gets?
Comment has been collapsed.
you cant even read to the end where it says:
References
CVE-2014-0160
NCSC-FI case# 788210
http://www.openssl.org/news/secadv_20140407.txt (published 7th of April 2014, ~17:30 UTC)
http://blog.cloudflare.com/staying-ahead-of-openssl-vulnerabilities (published 7th of April 2014, ~18:00 UTC)
http://heartbleed.com (published 7th of April 2014, ~19:00 UTC)
http://www.ubuntu.com/usn/usn-2165-1/
http://www.freshports.org/security/openssl/
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
https://rhn.redhat.com/errata/RHSA-2014-0376.html
http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html
https://lists.fedoraproject.org/pipermail/announce/2014-April/003205.html
http://www.kb.cert.org/vuls/id/720951
https://www.cert.fi/en/reports/2014/vulnerability788210.htmlComment has been collapsed.
So funny everyone starts panicking once this news got out
But the bug has been there for 3 years and god knows how many times it was abused before someone caught on..
Dont worry too much, unless you have something very valuable on your account and many people that know about it, i highly doubt anyone is gonna bother hacking random steam accounts, it'd be much more use hacking a bank or some other place where there is actual money to be made ;)
Not to say you shouldn't be careful, but not more so then yesterday.. SSL is a good effort at security but its not 100% proof, like any security
Comment has been collapsed.
well Steam seems to be the only website in YOUR internet. openssl is used by many companies
Comment has been collapsed.
Should we have been panicking before it was known? That was a pretty stupid statement. As it was found by security experts, there is no current proof that it has been used maliciously so to say "god know how many times it was abused before someone caught on" only creates more panic which you were just complaining about.
Thanks for all the advice and everything. Unfortunately, you seem like someone who read an article or two and became an expert.
Comment has been collapsed.
Since it leaves no traces its impossible to prove if it was or was not abused in the past :P
The fact that legit security experts found out now doesn't really mean a thing, most hacks are found by people with less then pure intentions and so do not become public.
Just strolling around the darker corners of the internet, its easy to buy 100's of exploits that have not been fixed in currently used software..
Security should always be watched, not just because there is a flaw in something now.
And yeah Dholicious i only go to steam....right, i just didnt feel like typing 2 pages of useless text since noone will read it anyway.. this was just in response to the heartbleed bug's effect on steam.
Ofcourse you should be very careful on banking and other financial transactions, always.
Comment has been collapsed.
That was exactly my point, most "hacks" are discovered by security experts when they start to see it in the wild. Just because it leaves no traces, does not mean it won't be discovered. If that was the case, I'm sure they would have stated it. Perhaps the stolen information simply hasn't been put to use yet as they didn't want to bring attention to the exploit. We're both really just taking stabs at it with no proof.
The fact that exploits are for sale also proves nothing. There are exploits for outdated software, software is seldom used. Different exploits have different results and as such to compare this to "100s of exploits" is foolish.
I stand by the last statement I made in my previous reply even more so now.
Comment has been collapsed.
made a post about it on steamforums, just in case
Comment has been collapsed.
If anybody could post about this on the steamcommunity, would be nice, since Im not sure many of them are aware of this issue
Comment has been collapsed.
I guess this means i can finally study in peace for a moment, huh?
Comment has been collapsed.
same here
still quite worried about my steam account right now
Comment has been collapsed.
Can confirm, was able to get soething that looked like cookies + guard data.
STOP USING STEAM SITES NOW AND KILL THE (Don't 'logout') CLIENT AS IT MIGHT USE IT ON BACKGROUND AND THUS KEEP YUOR DATA ON MEMORY!
I didn't store/log anything, but someone else might.
Comment has been collapsed.
as it was already said: dont use Steam at all , unless we get any update about whats going on
Comment has been collapsed.
thats exactly I was wondering about too..somebody should post about this, since hopefully its more visible than steamforums. Cannot login though, dont want to put my data to risk
Comment has been collapsed.
steam discussion
and I dont think you would get banned, since all you do is sharing some public importance information so that should be the least of your worries
Comment has been collapsed.
I got a reply to my question on the Steam Support twitter page concerning this if Steam is affected
"I don't believe it is. Neither is Origin nor uPlay, if I remember correctly." (by a certain Fletcher)
Comment has been collapsed.
wtf, for some reason each time I put a thread about this issue, it gets moved to the help and tips part of the steam forums..
Comment has been collapsed.
both of the threads about Heartbleed bug have been deleted from steamcommunity
Something really smells suspicious here, if not Valve trying to silence information about this
Comment has been collapsed.
297 Comments - Last post 21 seconds ago by Wok
46,810 Comments - Last post 19 minutes ago by BlazeHaze
113 Comments - Last post 1 hour ago by sonatamyasa
48 Comments - Last post 1 hour ago by sensualshakti
471 Comments - Last post 2 hours ago by Koalala
83 Comments - Last post 2 hours ago by gonsi
99 Comments - Last post 2 hours ago by ryuga
103 Comments - Last post 3 minutes ago by Alucardeus
182 Comments - Last post 4 minutes ago by CheMan39
128 Comments - Last post 6 minutes ago by Matty777
19 Comments - Last post 16 minutes ago by gr4yw4rd3n
37 Comments - Last post 30 minutes ago by lav29
252 Comments - Last post 1 hour ago by Cole420
1,158 Comments - Last post 1 hour ago by Mitsukuni
SteamDB.info discovered that the Heartbleed bug is currently affecting steam. Here you can read what this bug exactly is. It's long yeah I didn't read it either. But here is what SteamDB.info says about it:
We recommend NOT using any Steam services until Valve issues a fix for a recently discovered vulnerability. We've contacted them about it.
It's a dangerous issue to everyone, it's more dangerous for developers because they deal with more sensitive content.
We'll inform you when it's fixed, and it's better to not do anything at the moment including logging off sites.
Lets hope they fix it fast, but for now; don't login or logout anywhere with your Steam acount! The only other, known, big player who is affected by this bug is Yahoo (Tumblr?).
Source
Comment has been collapsed.