[ Show ]

Support VoyForums

[ Shrink ]

VoyForums Announcement: Programming and providing support for this service has been a labor of love since 1997. We are one of the few services online who values our users' privacy, and have never sold your information. We have even fought hard to defend your privacy in legal cases; however, we've done it with almost no financial support -- paying out of pocket to continue providing the service. Due to the issues imposed on us by advertisers, we also stopped hosting most ads on the forums many years ago. We hope you appreciate our efforts.

Show your support by donating any amount. (Note: We are still technically a for-profit company, so your contribution is not tax-deductible.) PayPal Acct: Feedback:

Donate to VoyForums (PayPal):

• Thursday, April 10, 2014: Announcement of "heartbleed" vulnerability in OpenSSL
  • An announcement was made on April 7th of a vulnerability in the open-source "Secure Sockets Layer" software, OpenSSL. This software is used by us at Voyager, as well on servers around the world, including Yahoo!, Imgur, and Google. Google points out that, "Search, Gmail, YouTube, Wallet, Play, Apps and App Engine were affected."
  • VoyForums software has been updated with the security fixes, and we recommend you change your password(s).
  • About the vulnerability:
  • The bug allowed those who could exploit it to get a random chunk of memory from the server (whatever data happened to be in that chunk of memory). They could repeatedly do this, apparently, gaining access to various random chunks of memory, but they could not actually choose which memory they received. On VoyForums, this could have include usernames, passwords, IP addresses, or email addresses (if transferred in either direction). This also includes information your browser sends "behind the scenes" between itself and the websites you visit (in cookies, and the "HTTP header"). Thankfully, we removed our pay services almost completely several years ago, and also entirely stopped accepting credit cards several months ago (before the vulnerabilty became publicly known). Nevertheless, the bug has existed since December 31st, 2011 (see the last note in this news announcement).
  • Please keep in mind, stored data on our server is not available through this bug, only information being accessed by the webserver software itself. Our software runs separately from the webserver, so only data passed through the web server or accessed by it, itself, was prone to exposure (this includes the possibility that a webserver's private SSL (https) key is exposed). We have updated our server software as well as established new keys in our secure servers.
  • While the vulnerability was announced on April 7th, 2014, it has existed in the OpenSSL software since December 31st, 2011. It is possible that systems around the world were succeptible to data leakage for this time if any groups discovered the bug. It is worthwhile to note that many if not most large financial institutions do not use OpenSSL, but as mentioned above, even Google Wallet was apparently affected in some way. Please see GitHub's list of the top 1000 sites to see if a site you use is affected, Wikipedia's page on the Heartbleed bug for an overview, and some responses from various sites about their affected systems. Of course, please also do a web search for "heartbleed" if you wish to read more about the bug.
• Sunday, April 6, 2014: VoyForums delays expanding/opening members system
  • We have been working on our member system to allow open access for all visitors, but we are delaying this into next week in order to address security features due to the recent spam attacks on our system.
• [ Older news: VoyForums News Archive ]

Future updates to this page will be found at the VoyForums News Page.