Heartbleed security flaw



Limbo_lag
Apr 13, 2014, 09:21 PM
Hey guys, just wanted to ask if anyone knows whether SEGA/PSO2 logins were affected by the recent "Heartbleed" security exploit, and if so, whether they've fixed the problem (so that we can change our passwords "safely" now).

Same question for psow accounts too, I guess. Any mods/admins able to advise?

Sayara
Apr 14, 2014, 12:46 AM
I cannot be the strongpoint final answer about it.
But from what I gather, it involves the security of https places, correct?
PSOW doesn't use that type of security as far as I know.

Limbo_lag
Apr 14, 2014, 01:00 AM
Thanks Sayara.

Ok, so I just checked the pso2 sega login page myself, and it appears that it does use https. May be a good idea to change your passwords.

Limbo_lag
Apr 14, 2014, 01:45 AM
ALSO: List of commonly used sites which may have been affected. Facebook is one of them. I know this isn't strictly PSO2 related, but just thought I'd give everyone a heads up:

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

Thanks for the link Kor.

Coatl
Apr 14, 2014, 01:49 AM
Better safe than sorry I suppose.

Vetur
Apr 14, 2014, 02:30 AM
Wait, so... this thing makes it unsafe to change our passwords? D:

Misaki Ki
Apr 14, 2014, 02:34 AM
There's no point in changing your password if the flaw is still on a website. You'd just be exposing the new password, lol.

Limbo_lag
Apr 14, 2014, 02:35 AM
It's basically a security flaw in the https system (which went unchecked for 2 years x.x). If the website has patched it on their end, it should be safe to change your password.

With regard to your question, Vetur, I wouldn't call it "unsafe" to change your password per se. It's just that if the website HASN'T updated their systems, then changing passwords won't make you any more secure, until they do patch things up on their end.

The flaw is in the system some websites use (https); it's not a flaw on the user's end.

Vetur
Apr 14, 2014, 02:53 AM
Ah, thanks for clearing that up. I think I will wait till it's confirmed that they fixed it before considering it. XD
I do often get paranoid about changing passwords because I fear something like that would happen, so I usually don't change it unless there's some obvious sign I'm being targeted. >.<

Rupikachu
Apr 14, 2014, 03:56 AM
Nope, SEGA wasn't affected.

Also if you don't log on their site you wouldn't be affected.

Just a simple explanation on how it worked.

http://xkcd.com/1354/

Walkure
Apr 14, 2014, 04:02 AM
From this checker tool (https://lastpass.com/heartbleed/?h=iway.isao.net):


Site: iway.isao.net
Server software: Apache/2
Was vulnerable: Possibly (known use OpenSSL, but might be using a safe version)
SSL Certificate: Possibly Unsafe (created 10 months ago at Jun 20 00:00:00 2013 GMT) Additional checks SSL certificate yielded current certificate first seen (7 months ago) -- has not been reissued.
Assessment: It's not clear if it was vulnerable so wait for the company to say something publicly, if you used the same password on any other sites, update it now.

So if there's no mass e-mail from SEGA, there's either no problem or they're unaware of it and there's no solution for the players.