
About Heartbleed and strange things...

Sparky83
Honored Guest
Hello everyone!

I heard about Heartbleed yesterday, a few hours before the Oculus-site went down. (Clever idea by the way, to call this SSL-thing Heartbleed to get all those lazy people to say: "Woah, Heartbleed, this sounds serious! :shock: I better get some information about that one... :? ")

When I was browsing the forums, something strange happened. I'll show you in this screenshot (translation follows):

"translation" wrote:
When trying to access developer.oculus.com, you actually reached a server called *.cloudfront.net. This may be due to a misconfiguration, but also more serious causes. Maybe a hacker tries to lure you to a fake and potentially dangerous version of developer.oculus.com. Do not proceed, especially if the alert has never before appeared on this website.

Ok, this is bad!
http://answers.microsoft.com/en-us/windows/forum/windows_7-security/cloudfrontnet/6529b96a-0d08-4597...

So how did this happen?

Another thing is that on Twitter, this is shown by Oculus:

So why is there no post about the status, now that the site is back online? Are there still issues that need to be fixed? I guess so, because for me, the forums have looked like this since today:


Please fix this. 🙂
Previously owner of DK1, finally owner of DK2.
54 REPLIES

ganzuul
Honored Guest
Thanks for double-checking CR. Information security is still way too difficult and for VR it is going to matter a lot...

geekmaster
Protege
Security is only as strong as the weakest link in the chain of trust.

http://xkcd.com/364/

ganzuul
Honored Guest
Don't worry man. Once we have commodity VR you won't need to go to parties. Problem solved. 8-)

geekmaster
Protege
"geekmaster" wrote:
... Sorry to sound gruff, but this is getting old, and annoying. These "broken padlock" icons scattered intermittently through your website WERE NOT THERE until after the Heartbleed fiasco. That is not a "false positive". It is a disaster waiting to happen. I suggest you consult a "real" security professional.

Like I said:
"
At least this guy extracted tens of thousands of dollars in bounty from Facebook. I wonder how many ...



Jose
Heroic Explorer
This is another reason to stay on the oculus subreddit instead of this forum.

gypsy/cyber:

What type of information was compromised? Was any billing or shipping information accessible to those who made use of this exploit?