back to article Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker

Twee UK parenting website Mumsnet is the second high-profile organisation to claim it has fallen victim to the infamous Heartbleed OpenSSL vulnerability. Hackers boasted they accessed Mumsnet users’ data via the password-leaking bug – which is present in HTTPS servers and other services and software running a OpenSSL 1.0.1 to …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Cynic says that this is just a way of making sure that mumsnet is in the news. "Oh noes, hackers have struck at us".

  2. Anonymous Coward
    Anonymous Coward

    It'll turn out to be the work of a mumsnetter's gifted offspring, which will give their proud mother something else to discuss at length with her online friends: 'I had no idea Jonquil and Tarquin were so savvy, but their teacher always said she'd never met any other children quite like them, I mean their father can't even change a lightbulb, I don't know where...' etc... etc... etc...

    1. Robert Carnegie Silver badge

      It is a natural necessity

      Whoever the hacker is, I am sure that they have or they had a mother. But maybe not a father.

    2. Jim 59

      Not sure if you are aware of Mumsnet's solid left-wing credentials, but founder Justine Roberts is married to Ian Katz, BBC Newsnight editor and ex deputy editor of the Guardian, the paper from which Newsnight takes its senior staff.

      While at The Guardian, Katz (says wikipedia) oversaw a campaign to influence the outcome of elections in Clark County, Ohio to help swing the 2004 US Presidential election against Bush and in favour of Kerry. It was not successful and it was not popular with Clark County voters who, surprisingly, don't like foreigners interfering in their election process.

      Roberts studied "PPE" (Politics, Philospohy and Economics) at Oxford, a fairly new subject also studied, at Oxford, by Labour MPs Angela Eagle, Maria Eagle, Ed Balls, Yvette Cooper, David Milliband as well as PM David Cameron.

      Funny how many of our leaders went to the same school, lived in the same street, studied the same (slightly naff) subject at the same place, are in business together, living together, are related to each other, (often concealing the fact with maiden names). It perhaps explains how come much party policy, large swathes of the BBC, media public institutions are papered over with an unthinking groupthink so uniform you can't see the join. Sorry for the lengthy off topic rantathon.

  3. Stuart 22

    Selfies can be good.

    The pain of getting, renewing and now revoking certificates is a complete and unwelcome pain. Actually most of our https stuff is between our servers and close clients. They trust us, they would trust our servers except for those big red screens Chrome et al throw up when they see a self signed certificate.

    So we dutifully used proper ones. Whereas the old self-signed could be replaced instantly. Hence paradoxically our users were more secure with selfies.

    And millions/billions of Wordpress users will have been exposing their usernames/passwords in plain text since Z80 Assembler ruled the world - mostly without incident. Its security with a hole that's really dangerous at attracting the hacking flies.

    1. Wensleydale Cheese
      Unhappy

      Re: Selfies can be good.

      "And millions/billions of Wordpress users will have been exposing their usernames/passwords in plain text since Z80 Assembler ruled the world - mostly without incident. Its security with a hole that's really dangerous at attracting the hacking flies."

      I imagine that the number of folks with access to the network traffic containing those clear text usernames and passwords is quite limited. In contrast the OpenSSL bug lets world plus dog have a go.

    2. Jamie Jones Silver badge
      Boffin

      Re: Selfies can be good.

      "So we dutifully used proper ones. Whereas the old self-signed could be replaced instantly. Hence paradoxically our users were more secure with selfies."

      Also, don't forget that with a 'selfie' there is no third party chain of trust above you that could be hacked/pwned by gchq/nsa/blackhat etc.

  4. Mad Mike

    Oh, how terrible.

    This is really terrible news.............my heart bleeds.

    The only thing funnier would be if they found their way into the extremist list of websense and started getting blocked as such!! Given some of the clangers that have happened in the past in this area, it could just happen.

  5. Aristotles slow and dimwitted horse

    Double edged sword...

    Great to know that this OpenSSL flaw is being publicized, but it probably hasn't helped that almost all tech and news publications have dissected in very great detail the flaw itself, and how to exploit it.

    1. bigtimehustler

      Re: Double edged sword...

      Not really, anyone that wanted to find out would have just done a search for the info. Do you think anyone really relied on a news outlet for a technical implementation of an attack? Or did they go to a more sensible place.

  6. WonkoTheSane
    Childcatcher

    Karma is a female canine

    If Mumsnet didn't try to get CallMeDave to legislate the net down to CBeebies-friendly levels instead of ACTUALLY SUPERVISING THEIR CHILDREN'S NET ACCESS, the script-kiddies probably wouldn't have targeted them.

    1. Eradicate all BB entrants

      Re: Karma is a female canine

      Hey, give them a break. I don't think you can even guess at the workload of a Mumsnet user. Spending all day on the site then breaking every traffic law known to man, just so they can be first to park their BMW X6 diagonally across the road in front of their children's school, is very stressful.

      I think you will also find it is the responsibility of the nanny to monitor the childs access to the internet, that's what they get paid £1.25 an hour for.

      Geez, you would think in this day and age that they would be allowed to denigrate the fathers input into childcare without having to suffer criticism or hacking.

    2. Anonymous Coward
      Anonymous Coward

      Re: Karma is a female canine

      Wonko, how dare you suggest such a thing! We have far more important things to do than supervise our own children - are you one of those old-fashioned reactionary types that thinks people should be accountable and responsible for their actions? Everyone knows that society as a whole is to blame for everything, except of course those accused being classes of offender (who should just be strung up, don't worry about the expense of a trial or anything, we have the Daily Fail front page for presenting all the evidence of their guilt, and a quarter of the back of a stamp for the balanced and equal coverage of their defence)

      On the plus side, we have the fine example of the founder of Mumsnet actually taking responsibility for her own website and fixing the thing herself. Or perhaps not.

    3. WonkoTheSane

      Re: Karma is a female canine

      I see as many as 3 mumsnetters have read this thread.

  7. squigbobble
    Trollface

    Information of value

    Was there actually any to extract from mumsnet?

    1. Destroy All Monsters Silver badge
      Paris Hilton

      Re: Information of value

      mums?

  8. Anonymous Coward
    Anonymous Coward

    Glad it's not just me, then ...

    And here I was thinking 'couldn't have happened to a nicer bunch of people ...' ... glad I'm not alone.

    Karma is, as they say, a bitch.

  9. Gio Ciampa

    Mumsnet: "By parents for parents"

    Are dads not parents too?

    1. 45RPM Silver badge

      Re: Mumsnet: "By parents for parents"

      I dunno, cos I haven't joined, but I think that there are dads on MumsNet. My wife assures me that there are, anyway. Honestly, though, I'm the worst dad in the world and I'd rather leave all the messy, worrying, stuff with her - and I'll do the playing with lego and reading stories to the kids bit.

      Wasn't there some story on there about spaffing in a cup by the bed though? Or did I make that up? Not a very effective way of getting your girl preggers, I'd have thought.

      1. Sir Runcible Spoon
        Thumb Up

        Re: Mumsnet: "By parents for parents"

        "and I'll do the playing with lego and reading stories to the kids bit."

        sounds like you are doing all the right things dude, carry on!

      2. squigbobble
        Coat

        Re: Mumsnet: "By parents for parents"

        "Wasn't there some story on there about spaffing in a cup by the bed though?"

        It was someone's story about her husband washing his nob in a glass of water post-boning. Not just once but as a matter of routine. It went viral.

        PROBABLY NSFW, I DAREN'T CHECK.

        http://www.mumsnet.com/Talk/mumsnet_classics/a1875847-Do-you-dunk-your-penis

        ...and the reactions

        http://www.huffingtonpost.co.uk/2013/10/09/penis-beaker-mumsnet-thread-washing-after-sex_n_4070874.html

        http://www.telegraph.co.uk/women/mother-tongue/10367709/Mumsnet-creaks-under-the-strain-of-penis-beaker.html

        1. Anonymous Coward
          Anonymous Coward

          Re: Mumsnet: "By parents for parents"

          #PenisBeaker, how did I miss that?

          1. Destroy All Monsters Silver badge
            Devil

            Re: Mumsnet: "By parents for parents"

            Probably NSFW

            OP starts off with:

            I considered name changing for this, but, fuck it. We have a dedicated post-sex cleanup area on the bedside table. A box of tissues, a small bin, and a beaker of clean water for temporary cleaning/dunking while the bathroom is occupied by me. Apparently our penis beaker is strange and not the done thing. Does everyone else just lay there in a sticky post coital glow until morning? Really?

            And someone answers:

            Have never heard of this. And used to be quite the harlot, so really think I would have seen in, if it were a common thing. But maybe my tastes just run to the unwashed...?

            My cow-orkers caught me while eye-bulging... I would rather be caught on 4chan, but I LOLLED!

            1. John Smith 19 Gold badge
              Unhappy

              Re: Mumsnet: "By parents for parents"

              "My cow-orkers caught me while eye-bulging... I would rather be caught on 4chan, but I LOLLED!"

              Oh no you wouldn't.

              You really wouldn't.

          2. Anonymous Coward
            Anonymous Coward

            Re: Mumsnet: "By parents for parents"

            "#PenisBeaker, how did I miss that?"

            I have a terrible sense of certainty that typing that phrase into a search engine would visit the combined horrors of Rule 34 and the Muppet Show upon me, so I'll pass.

          3. squigbobble

            Re: Mumsnet: "By parents for parents"

            "#PenisBeaker, how did I miss that?"

            By good fortune/the Grace of God/Inshallah/his Noodley Appendage/$DEITY.

            1. Anonymous Coward
              Anonymous Coward

              Re: Mumsnet: "By parents for parents"

              What? No tiny wet-n-dry hoover for the wet spot? For shame!

      3. Anonymous Coward
        Anonymous Coward

        Re: Mumsnet: "By parents for parents"

        I (yes I'm a Dad) have an account, but it's more so I can keep an eye on what my wife posts... (hence Anon)

  10. Anonymous Coward
    Anonymous Coward

    Wow! All this hatred for MumsNet. Anyone would think that none of you have ever had a shag, and that you're all a little bit jealous…

    Oh…

    Oh Really…

    You are all virgins? Well, I can't say that I'm surprised. I wouldn't let any of you anywhere near my lady garden either.

    1. Anonymous Coward
      Anonymous Coward

      Nice try, Mr Cameron, but I'm afraid you forgot to call us autistic too.

    2. Anonymous Coward
      Anonymous Coward

      I have got children, in fact many of them. However, I think what pisses us off is the way the majority of the members of mumsnet try to make up for their feelings of inadequacy as parents by telling the rest of us what we can or cannot do. They seem to hope that this will make them appear to be important and be doing something for their children instead of actually doing something for their children.

      I, for one, would feel a lot more sympathetic if they could accept that they make up a small part of society and that they are no more special and important than the rest of us.

      1. Androgynous Cupboard Silver badge

        "... their feelings of inadequacy as parents by telling the rest of us what we can or cannot do..."

        I'm afraid you do't need Mumsnet for that - the moment you have one child, you automatically get enough knowledge to advise anyone else on theirs. Sometimes it even works if your sister/colleague/neighbour has a child too, it's that powerful.

        1. Destroy All Monsters Silver badge
          Trollface

          Clearly an Anonymous Cowardesse. Or else, cheap bait.

    3. AbelSoul

      Re: .. wouldn't let any of you anywhere near my lady garden..

      Your what?

      1. Stryker007

        Re: .. wouldn't let any of you anywhere near my lady garden..

        she means semen dumping grounds mate

    4. Anonymous Coward
      Anonymous Coward

      @AC

      Anyone would think that none of you have ever had a shag

      To quote Woody Allen:

      "“Don't knock masturbation. It's sex with someone you love.”

    5. Anonymous Coward
      Anonymous Coward

      Wow! All this hatred for MumsNet...

      Really! Where?

      1. Captain DaFt

        "Wow! All this hatred for MumsNet...

        Really! Where?"

        Don't you know? If you're not uncritically, unabashedly, and constantly praising them, You obviously must hate them!

        Fools only feed on flattery.

        1. Nick Ryan Silver badge

          Some of the info on mumsnet is actually useful - children are different and finding out what other parent's solutions, or attempts at solutions are, can be invaluable.

          Unfortunately it's hard finding the useful information under the heap of junk posted by the batshit insane.

    6. Bernard M. Orwell

      I didn't realise that you all went to MumsNet to find a shag.

      Explains a lot.

      1. This post has been deleted by its author

  11. Anonymous Coward
    Anonymous Coward

    AC ("I have got children"), totally agree. I'd add that it's a very cliquey, childish place with their bizarre use of acronyms. It annoys me that I didn't vote for Justine Roberts yet she appears as a mouthpiece on various panel programmes apparently advising the government on things in which she has no expertise. Mumsnet also lobbys the government with various campaigns, and annoyingly they have traction because they do it in the name of thinking of the children.

    If you want a real eye-opener try doing a google search for (not at work due to the language):

    site:www.mumsnet.com cunt

    and look at some of the worrying discussions that come back.

    1. JimmyPage Silver badge
      Thumb Up

      The best one was the story about a WiFI AP that someone named "My Neighbour is a cunt" ...

      1. TitterYeNot

        No retort?

        "The best one was the story about a WiFI AP that someone named "My Neighbour is a cunt"..."

        Yes I enjoyed that one. I'm just surprised no-one mentioned the obvious response of renaming their WIFI AP to "That's funny so is mine"...

    2. Anonymous Coward
      Anonymous Coward

      That was fascinating, I particularly liked the one where lots of them stated that if their husband called them a cunt that "would be it", in amongst all the threads where so many of the same commentators called other peoples husbands "cunts".

      'Normal' people are really really weird.

      1. Anonymous Coward
        Anonymous Coward

        I've just returned from the same search. Can't say I'm surprised.

        My eyes were opened to what women were really like on their own when I was about 10.

        My mum hosted a naughty nicker party and I hid upstairs before-hand. After it was underway I snuck down onto the landing to overhear the conversations they were having.

        Bubble well and truly burst I can tell you. When a woman starts with the old 'poor me' stuff just to get their own way they seem to get very huffy when your buttons remain un-pressed. Proper takes the wind out of their sails. I only let my wife get away with it because I know she's doing it, and she knows I know she's doing it, so it's a bit of a joke. She hates that type of woman too, but they were all programmed to do it from an early age, just like lads are programmed to respond to crocodile tears etc.

        Women stick together like shit to a blanket.

      2. Mad Mike

        @obnoxiousGit

        You're making the mistake of bringing reason and thought into the process. Mumsnet is a place to self-obsessed, hypocritical tyrants. That's why they think they have the right to dictate to everyone else and being listened to, even though they know little about the topics on which they speak. They're hypocritical because they think it's acceptable to call men c**ts, but say that to a woman and the world ends!!

        It's really the online equivalent of a hen do or womens trip to see men strippers. They all egg each other on and it all gets rather extreme and they all think they're so hard done by. After all, the government simply must control the internet, after all, I'm a mother and have enough to do already!!

        God alone knows why some men join. Maybe they're just trolling, I don't know, but the name says it all. Another example of why women can be as sexist as they like, but men would get attacked for doing the same in reverse. If I tried creating a fathersnet, there would be uproar about sexism etc.etc. Same as how you get women only gym sessions, but I've yet to come across any men only sessions.

      3. heyrick Silver badge
        FAIL

        called other peoples husbands "cunts".

        FAIL to everybody who said that.

        Men can be many things, but I'm pretty sure "cunt" is not a valid option. At least, not without some eye-watering surgery.

    3. Fibbles
      Trollface

      How dare you use the C-word to refer to those mewling quims.

      1. BigG

        L-word

        My neighbour is a ladygarden.

      2. Anonymous Coward
        Anonymous Coward

        "How dare you use the C-word to refer to those mewling quims."

        Watched Avengers Assemble recently, by any chance? Always nice to see some really good old-fashioned insults resurface...

    4. Nick Ryan Silver badge

      Oh hell, yes. I forgot the bullshit of acronyms everywhere... with DS, DD, OH, LP, DH and everything else that just makes it all as cliquey and incomprehensible as possible.

    5. Alan Brown Silver badge

      "Mumsnet also lobbys the government with various campaigns, and annoyingly they have traction because they do it in the name of thinking of the children."

      I can think of a number of people who did stuff whilst thinking of the children. Jimmy Saville for starters.

  12. jungle_jim
    Pint

    Mumsnet

    can fuck off

  13. Dom 3

    My Mumsnet password

    is really terribly advanced for its age.

    1. Will Godfrey Silver badge
      Happy

      Re: My Mumsnet password

      Best so far - have an upvote.

  14. DaddyHoggy

    My wife got an email (apparently) from mumsnet telling her to follow a link to change her password.

    Problem is 1) following links in unsolicited emails that require you to change your password is obviously a big no-no 2) my wife doesn't recall ever joining Mumsnet...

    Finding out today that Mumsnet really did send a blanket email to all 1.5M members telling them to follow a link to change their password leads to the following conclusions: 1) Mumsnet are silly for sending out the email this way 2) given that they did send out that type of email and that my wife got one from (apparently) Mumsnet even though she has never registered with them implies that the spammers/hackers have already started sending out spoof emails in an effort to exploit these mass panic email blasts from affected sites...

    1. Camilla Smythe

      No 'Link', per se, given for Reset..

      The e-mail I received was...

      "Dear Mumsnet user,

      Following the recent security breach related to Heartbleed

      we have removed the passwords of all users on www.mumsnet.com

      To use the site you'll need to reset your password. You'll find

      instructions and a link on the login page on how to do this.

      Most importantly, if you use the same password on Mumsnet as elsewhere,

      we strongly recommend you change your password on the other sites too.

      Thanks,

      Justine & the MNHQ team"

      So the link is on the login page on the website and not in the e-mail. The above link to the homepage was not obfuscated. Less confusing/dodgy. I suppose they could/should have left even that one out or 'broke' it. Given your wife is not a member of Mumsnet it might be worth checking the e-mail again to make sure it really was not a phishing e-mail.

      For myself I didn't twig that they had been 'hacked' and just thought they had discovered they were using a vulnerable version of OpenSSL and decided that it would be better to be safe than sorry and scrub everyone's passwords. It might have been better if they gave more details in the e-mail. I had to wait for the story here to discover what had apparently happened.

      BTW I joined out of interest and it was a throw away account so I won't bother refreshing it... although it might be interesting to see what sort of method they do have in place. It would also be interesting to see how much has in fact been 'reset'. Would it have been wise to clean out all account details and throw away the e-mail addresses as well?

      If anyone was active on the site they would try and log in and be presented with a 'whoopsie page' explaining what had happened and asked to recreate their accounts from scratch. Sure.. sounds like a bit of a pain but.....

  15. NSR2

    I just wanted to take a quick look at their cert....

    Selecting "log in" takes you to this site: http://www.mumsnet.com/register

    Which invites you to enter your password.

    I'm sensing an interesting way to avoid the heartbleed bug....

    (*cough* just don't use SSL? *cough*)

  16. JimmyPage Silver badge
    Stop

    Penis beaker

    surely we can't have a thread about Mumsnet without a penis beaker reminder ?

    1. Anonymous Coward
      Anonymous Coward

      Re: Penis beaker

      I initially thought that Penis Beaker was the name of the latest version of Android. I then clicked the link to discover I was wrong. About as wrong as it's possible to be.

      1. JimmyPage Silver badge
        Coat

        depends

        on whether you think Android is a load of old cock.

  17. Tony Green

    Heartbleed is going to be milked

    I reckon every website that gets hacked because their own security is crap will be rushing to blame this to take the heat off them. Probably for years to come...

  18. John Smith 19 Gold badge
    Unhappy

    Yes. I think Heatbleed will be the latest "guy who just left did it" excuse.

    Even if it wasn't.

  19. Anonymous Coward
    Anonymous Coward

    You're all very welcome for the laughs.

    Anonymous for obvious reasons.

  20. TopOnePercent

    The trouble with mumsnet...

    ....aside from their all being swivvel eyed loons with as much connection to reality as your average hormonal teenager, is that they have very effective lawyers.

    Pistonheads (biggest car web site on t'interwebs) had something of a cyber war with them at one stage, so they let loose the dogs of law. No sense of humour at all.

    Its always amazed me that they don't understand how much of a parody they've become. Mumsnetter isn't a label any intelligent person would seek to acquire.

  21. Anonymous Coward
    Anonymous Coward

    Mumsnet reveals the true ignorance of the great unwashed ....

    It's scary reading how stupid people who have a vote are.

  22. Snake Plissken

    Mumsnet is the result

    Of introducing the concept of groupthink to a potential audience of 4 billion people.

    The scary thing is, *they* think *we* are the insane ones.

This topic is closed for new posts.

Other stories you might like