Warning: Phishing Sites Ahead + Heart Bleed Bug

[Nick]

Hello everyone, some of you may know of the Heart Bleed Bug and how dangerous it has made the internet, your privacy and safety lately. Well I'm here to explain a little bit more about them and how you can prevent these sites/the bug from affecting you. This is an elaboration of Col_StaR 's front page post.

Here are some sources of what it is:

'An exploit known as “Heartbleed” Bug has shown up in the OpenSSL cryptographic library, and it could essentially allow attackers to gain access to highly sensitive information, including credit card numbers, usernames, passwords, and other sensitive data.'

-The Epoch Times

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

-HeartBleed.com


As you can see, this is very dangerous. The bug has already had an effect on Mojang and it's servers(Some of you may have experienced Authentication issues, errors whilst joining servers, and other forms of errors due to this bug). The team over at Mojang stress that anyone who has logged into Minecraft or any other Mojang games to change their passwords immediately. (I suggest migrating your account to a Mojang account and if you have change your password here)


We also stress that you be very careful when opening up links from people who you don't know too well as they may seem legitimate but in fact they are not. For example, there has been a link going around stating that you can get a free Minecon cape and the site does indeed look like the official Minecraft site but after personal further investigation by clicking support links on that site it has been detected as a phishing site which attempts to get your username and password. Remember DO NOT trust this link (http://minecon.support/freecape/?r9064) or any similar links as they will have access to your Minecraft details.
(Refer to Captain | Lqzer 's thread for more)

Thank you for your attention and keep in mind that you are strongly suggested to change all of your passwords including Email, social network, and gaming passwords ASAP.

Feel free to ask questions below.​

 

[Jon | Lqzer]

http://www.minecraftsurvivalgames.com/threads/minecon-cape-fraud.96150/

 

[Nick]

http://www.minecraftsurvivalgames.com/threads/minecon-cape-fraud.96150/

Didn't actually see that. I'll add your's as reference as well.

 

[Col_StaR]

I've added a link to this thread on the Mojang Security News post.

 

[Mango]

Thanks for the informative post. I've already changed my passwords. I hope that nobody in this community will have to suffer any inconveniences due to the bug.

 

[arsenal]

You don't want to change your password until you know that the site you are changing your password on has been updated with the fix. Otherwise your new password could be stolen too.

 

[masond123]

Already banned someone for advertising this. Please watch out, this website looks very realistic.

 

[Missmoll8]

Many people do not know about these things going around. Thank you for informing everyone of this inconvenience. Hopefully Developers of Mojang can help fix all this. Although remember to change passwords then write them down so you do not forget about them