Just an FYI

[mjr45]

I just got notice from Norton that the club site is vulnerable to the HeartBleed virus and personal information may be available. Any of the site moderators know about this?

[DRBall]

Norton has not said a peep about this site....How old is your version...

[mjr45]

I got a message about the Heartbleed virus and on the Norton site there is a tool to check websites by their URL. When I put in the club URL it came back as vulnerable to the virus.

[FastWoman]

I posted an FYI to the non-Z related off-topic forum. I would hope the mods know about it. Fortunately my logon to this site already used my lowest-security tier of password. There are a few other Heartbleed-vulnerable sites that use old passwords.

The danger to folks on this forum would be if the same password used on this site is also used for such things as your bank, email, or any resource you really don't want to get compromised. If hackers get your password here by exploiting the Heartbleed vulnerability, they can then potentially log on to any other account where you might use the same password. If you use the same password for your email, there's a lot of exposure to mischief, as password resets can be intercepted via your email, allowing the hackers to hijack almost anything of yours, especially those accounts that use your email address as a user ID.

Anyway, if you've done like I have and changed the passwords on all of your sensitive accounts, you can PROBABLY be safe continuing to interact on this site with your old, now-insecure password. At least that's how I understand it. I think you just have to assume hackers have your classiczcars login -- including hackers from the NSA, of course. (The NSA is believed by the IT community to have introduced the bug into the OpenSSL code 10 years ago, and it appears from server logs that they have been exploiting their bug the entire time. The hacker community only discovered the exploit about 6 months ago.)

[TheCrazySwede]

The danger is not in the site, but in the way it encrypts information (Open SSL)

There are a lot of websites that use that type of security measures, although most websites that are in charge of sensitive information (Email clients, Banking, etc.) use a different approach, and thus aren't in danger of being compromised.

I'm not a huge fan of Norton (I've been a Microsoft Certified Technician for almost 3 years) but the way it is telling you what sites are vulnerable is by checking what type of encryption methods the site uses. Most websites have updated their measures, but I can't speak in behalf of this one.

[FastWoman]

Swede, I discovered the issue when I used this utility to test the site:

https://filippo.io/Heartbleed/

In the beginning this utility was actually able to exploit Heartbleed on the classiczcars.com site. (It tests by confirming the exploit works.) When I test now, I get a much less conclusive result. I don't know why or how, but until we hear the site has been fixed, I think it's best to assume it hasn't.