Please upgrade your browser for the best possible experience.

Chrome Firefox Internet Explorer
×

swtor.com and Heartbleed OpenSSL vulnerability

STAR WARS: The Old Republic > English > Customer Service
swtor.com and Heartbleed OpenSSL vulnerability

aethell's Avatar


aethell
04.08.2014 , 11:49 PM | #1
The internet is abuzz with articles about the "Heartbleed" vulnerability in OpenSSL. Can swtor.com please let us know if the information we shared with swtor.com is subject to this vulnerability, and if so when it will be fixed?

Essence_of_Light's Avatar


Essence_of_Light
04.09.2014 , 12:10 AM | #2
Quote: Originally Posted by aethell View Post
The internet is abuzz with articles about the "Heartbleed" vulnerability in OpenSSL. Can swtor.com please let us know if the information we shared with swtor.com is subject to this vulnerability, and if so when it will be fixed?
Anything that uses OpenSSL is vulnerable (as far as I know). If the URL bar has "https" (without the quotation marks), then it uses OpenSSL (paypal.com is an example of this).
For the Republic!
Click my referral link here for 7 free days as sub, free server transfer, free CC unlocks, and other bonuses!

Banegio's Avatar


Banegio
04.09.2014 , 01:03 AM | #3

Adric_the_Red's Avatar


Adric_the_Red
04.09.2014 , 11:51 AM | #4
Quote: Originally Posted by Essence_of_Light View Post
Anything that uses OpenSSL is vulnerable (as far as I know). If the URL bar has "https" (without the quotation marks), then it uses OpenSSL (paypal.com is an example of this).
Like many other vulnerabilities, this depends on whether the site is using a version that's vulnerable. From what I've read, there is an update to OpenSSL that fixes this vulnerability. But there's no way for a user to tell if a site is using the "fixed" version.
"Your deaths are useless if they do not inform". -- The Shroud
My referral link. Click for free stuff.

ratatech's Avatar


ratatech
04.09.2014 , 06:03 PM | #5
I've pulled my AMEX CC and changed my password just to be safe because the fix was annouced before they gave details on the issues so word didn't spread to malicous hackers.
We fight or we die that's the plan

wkerilla's Avatar


wkerilla
04.10.2014 , 11:03 AM | #6
Changing your password isn't any good if the SW team hasn't applied the patch. So far I've not found anything from SW developer teams saying this is addressed, being addressed, or not.

b-morgan's Avatar


b-morgan
04.10.2014 , 02:42 PM | #7
Quote: Originally Posted by Essence_of_Light View Post
Anything that uses OpenSSL is vulnerable (as far as I know). If the URL bar has "https" (without the quotation marks), then it uses OpenSSL (paypal.com is an example of this).
This is mostly inaccurate. URLs starting with https:// are encrypted with SSL/TLS but are NOT all using OpenSSL to implement it. Not all versions of OpenSSL are broken. Banegio's post has links to a tool (URL) developed to test a website and the results show that SWTOR is not vulnerable.

Quote: Originally Posted by Banegio View Post
Google "chromebleed" for the addon.

Darth_Crasis's Avatar


Darth_Crasis
04.10.2014 , 08:40 PM | #8
Quote: Originally Posted by Essence_of_Light View Post
Anything that uses OpenSSL is vulnerable (as far as I know). If the URL bar has "https" (without the quotation marks), then it uses OpenSSL (paypal.com is an example of this).
Completely incorrect, Open SSL is not the only software that implements the SSL standard. In addition, most Microsoft based servers do not use Open SSL, neither do most financial institutions.

Now, according to checkers, SWTOR.com does use OpenSSL
Order shall be restored from within, by the Power of those whom Darkness has touched.

Darth Crasis
Lord of the Sith

ShadeObscura's Avatar


ShadeObscura
04.11.2014 , 09:54 AM | #9
A source I have looked at also shows SWTOR using OpenSSL.

They note that it is unsure what version, and thus possibly unsafe.

Can we get a response from Bioware on this?

Is it an unsafe version? If so what is being done to remedy this and when can we expect it to be fixed?

In the meantime, I am removing my cc info from this site. I just hope this is all fixed soon.