When I heard about Heartbleed, the one line of code that is apparently responsible for the vulnerability of two thirds of the internet, I wasn’t really that worried. It’s a problem in OpenSSL, an open source toolkit which can be updated and fixed in a heartbeat (lol). The coding solution was posted on Kotaku hours after the bug was first heard about. The blogosphere appears to be showing signs of The Fear.
Here’s a quick reminder, if you think your credit card has been compromised or has been subject to fraud, call your bank. Consult them, implore them to find out who has been spending your money. You’ll get it back. It’s not something you need to be worrying about. Additionally, since Heartbleed affects 66% of the internet, chances are the site you spend money on wasn’t deemed a tasty enough target.
That in mind though, and of course the reason for the header up there, Amazon has been affected. I bought my girlfriend an iPod off there the other day. It’s the 8gb 6g nano, It’s for her birthday on the 20th, but I know she’s not going to read this….
Anyway, Amazon’s systems for ‘load balancing’ (transferring data across multiple systems to prevent a bottleneck of traffic, hence the name) are currently in the Heartbleed zone of influence, and for whatever reason, those are also involved with Minecraft. The game’s developer Mojang detected this issue and promptly shut down their servers. This is one to remember also, if you ever suspect your computer is being intruded upon via the internet, simply unplug the network cable. It’s not rocket science.
Here’s a statement from Mojang which we found on their website.
“Due to an exploit in the OpenSSL software used by Amazon’s load balancing service (which we use for most of our stuff) we were forced to temporary suspend all of our services. All systems are now back online, and the exploit has been fixed. There was no way to target specific users, but we can not guarantee that your information wasn’t compromised. Therefore we recommend everyone to change their Mojang/Minecraft account passwords.”
If you have been reading too many articles online about Heartbleed, and developed a bad case of The Fear, then here’s a temporary relief for Chrome users. Chromebleed, a plugin, detects and warns the user of the prescence of that pesky one line of code which allows Heartbleed to do its dirty work. It can be found here, and this is the description.
“Many HTTPS-secured sites on the internet use OpenSSL. Unfortunately, a major vulnerability in OpenSSL was disclosed – known as the Heartbleed bug – yesterday that put hundreds of thousands of servers at risk of compromise.
Whilst some servers have been patched already, many remain that have not been patched. Chromebleed uses a web service developed by Filippo Valsorda and checks the URL of the page you have just loaded. If it is affected by Heartbleed, then a Chrome notification will be displayed. It’s as simple as that!”
Alternatively there’s a list of vulnerable sites here, https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt