Ad Astra & Heartbleed

[MDGarcia]

Earlier this week (7 APR 2014), OpenSSL revealed a two-year old security exploit in serving secured data using their application. This exploit/bug made it possible for anyone to gain information about account information and more specifically passwords and password changes.  Luckily, Ad Astra has only utilized SSL since we moved to our new server last month, so we feel that our exposure is not as bad as most sites out there.

 

Over the course of this week, we moved quickly to patch to the fixed release, which was completed yesterday night.  Some of you were waiting to hear back on a support ticket regarding this issue, and this message will be posted in reply.  The only site affected by this were the forums and our email server. The main archive and blog sites were not affected, because they do not employ SSL at all.

 

To that end, we were recommending that if you have an account here on the Forums and should you have a trekfics.net or other hosted email address here at Ad Astra, you should change your password immediately.  Users who do not change their password are subject to an account hack.

 

Forums: https://forums.adastrafanfic.com/index.php?app=core&module=usercp&tab=core&area=email

Email: https://mail.trekfics.net/postfixadmin/users/login.php

 

Again, please do this now to ensure your account security.  If you have any questions, concerns, or are having a problem changing your password, please open a support ticket at http://support.adastrafanfic.com immediately. I will do my best to help you as quickly as possible.

 

Thanks,

 

MDg

[Lil black dog]

Scary stuff.  Changed my password on all vital accounts a few days ago - like banking and whatnot, but didn't realize we'd need to do it here, too.  Done.

[Gatekeeper]

Done. Thanks, Mike, for the heads up. 

[kes7]

I am so damned irritated by this Heartbleed thing.  It is hard enough to keep track of passwords with my ADHD issues.  Now I have to remember a bunch of new ones.  Watch me lock myself out of everything.  Sigh.

 

Thanks for addressing this, Mike.

[M C Pehrson]

I tried to change my forum password, but of course I couldn't get it to work. Must be doing something wrong! As usual...

Where is that Vulcan when I need him???

[FalseBill]

well it's change now, Just got to try and remember it now.

[Mackenzie Calhoun]

Changed it for here, thanks for the heads up/info MDG.

 

Question is...lumme, all my other passwords/websites. I might be some time.

[Lil black dog]

I am so damned irritated by this Heartbleed thing.  It is hard enough to keep track of passwords with my ADHD issues.  Now I have to remember a bunch of new ones.  Watch me lock myself out of everything.  Sigh.

 

Thanks for addressing this, Mike.

Hah!  Already had to redo mine for this site.  Changed a bunch of others along with this one this morning and subsequently forgot it.  And I can't claim ADHD...old age, maybe?

[jespah]

My passwords now all contain lower case letters, upper case letters, numbers, special characters, a pint of my own blood (A positive), and my grandmother's recipe for potato knishes.

[Mick]

I've been spending the last couple days changing passwords.  I went ahead and changed mine here too.  I appreciate you being candid about it MDG.

[Enterprise1981]

In a perfect world, we'd be able to memorize passwords containing random combinations of capital letters, lower case letters, numbers, emojis, etc. But I'm so sick of having to come up with different passwords for every single thing that I have to log in to.

[MDGarcia]

 

Thanks, xkcd.com

 

MDg