Your passwords are vulnerable. Change them.

(47 Posts)
Edw4rdSnowden Sat 12-Apr-14 14:53:14

Dear Mumsnet

Your 'tech support' (ha) have taken you for a ride. This site's security response to the Heartbleed exposure ( heartbleed.com/ ) has been woeful and anyone with slightest know-how of OpenSSL has been able to grab the logging-in details of Mumsnet users (including administrators). I could post screencaps of the board where this geezer has been posting up how funny he is messing around with mumsnet but that's by the by.

This is especially dire news if you've been daft enough to use the same password for mumsnet as you had for your email addresses and amazon accounts etc.

Change all your passwords immediately, ESPECIALLY if your mumsnet password is one you foolishly use for other services.

Finally I urge you to reconsider whether this website and its administrators take your security seriously.

BoreOfWhabylon Sat 12-Apr-14 14:55:30

Maryz Sat 12-Apr-14 15:03:59

Were you EdwardSnowden before?

The one who was banned?

SnakeyMcBadass Sat 12-Apr-14 15:08:11

It's all gone Pete Tong <wails>

Hate to say it, but he's right. I'm a tech and this had had everyone, right up to the CEO running around fixing shite since Wednesday.

If there had been battle stations alarms available, we'd have set them off.

Change your passwords, but only when the vulnerability had been resolved, as otherwise your new passwords are also vulnerable. Don't worry too much about your online banking, they do not upgrade to the latest versions too quickly (to avoid new bugs) and it's version 1.0.1 to 1.0.1f of OpenSSL that is affected.

Do worry about your passwords if you use the same one across everything!

Maryz Sat 12-Apr-14 15:16:41

That's what I thought Cat.

No point in changing MN password now, but worth changing others if they are the same.

EdithWeston Sat 12-Apr-14 15:17:32

It's easy to find google hits for Mumsnet and Heartbleed, which may or may include the one OP refers to.

I was just fascinated to see on the highest ranked hit the ad with the nearly naked man towards the bottom of the page ("lose you belly fat"). I've had various (tailored - sob) weight loss ads before, but never one offering a lightly oiled man with a 6pack as the 'after'

topknob Sat 12-Apr-14 15:17:49

So have tech added the patch as we are not meant to change any passwords until that is done.

cozietoesie Sat 12-Apr-14 15:20:17

They've said that they have.

The situation has been treated as trivial as though they can be sure it's okay now and no one else got in. As I understand it there is no way for anyone to know that.

I'm not too worried as I don't use a shared password or even email address for MN.

InspirationFailed Sat 12-Apr-14 15:32:34

I can't change my password or read PMs, I just get this every time....

comicsansisevil Sat 12-Apr-14 15:37:40

Message withdrawn at poster's request.

Maryz Sat 12-Apr-14 15:40:27

I've reported your post for you Inspiration.

stretch Sat 12-Apr-14 15:40:31

I have no idea what any of this is about. Not tech-savvy at all.

enormouse Sat 12-Apr-14 15:43:34

Could someone techy from hq come this thread and advise us when to change our passwords?

EdithWeston Sat 12-Apr-14 15:46:22
enormouse Sat 12-Apr-14 15:46:22

*come on

sillymillyb Sat 12-Apr-14 15:46:23

If you look at the Justines account thread then Rebecca have commented near the bottom

sillymillyb Sat 12-Apr-14 15:46:43

Cross posts, sorry!

enormouse Sat 12-Apr-14 15:46:55

Thanks edith

RandallFloyd Sat 12-Apr-14 15:49:17

Yes, I didn't know whether to change my password or not but RebeccaMN told me to so I have.

I'm powerless in the face of authority. I'd be shit in a coup.

mrstigs Sat 12-Apr-14 15:58:07

I use that many passwords I don't actually know what the password is for here. Bummer. Anyone know how many chances you get?

So have I got to change my passwords for everything?

<cries>

<hard>

Worth considering that this thread could be an attempt to make everyone log in and change their passwords now while they are snooping on the data in the MN server's memory! Heartbleed doesn't access stored user accounts but exposes what data is being processed now.

Maybe hang fire on the password changes. It's pointless changing password now anyway until this site has upgraded to the fixed version without the Heartbleed vulnerability. Anyway MN might not use the relevant, vulnerable version of OpenSSL.

This is from DH who works in the field, not me!

InspirationFailed Sat 12-Apr-14 16:12:27

Thanks Maryz :-)

Join the discussion

Join the discussion

Registering is free, easy, and means you can join in the discussion, get discounts, win prizes and lots more.

Register now