Earlier this week, a serious vulnerability in a popular security toolkit, OpenSSL, was discovered. This vulnerability allows an attacker to steal encrypted information, including the private keys that allow a website to verify its identity. You can learn more about the heartbleed bug on http://www.heartbleed.com.
This news post is to inform you that we have updated our version of OpenSSL so that we are protected from attacks. However, because this bug is so serious, there is no guarentee that we haven't already been attacked.
Our best advice is for you to change your password as soon as you can. You can change your password by clicking this link.
Please let us know if you have any questions and we'll do our best to answer them for you .
Heartbleed bug patched
#1
Posted 09 April 2014 - 09:26 PM
#2
Posted 09 April 2014 - 09:35 PM
Thanks for this!
I just heard on the news that this vulnerability has been around for three years.
#3
Posted 09 April 2014 - 09:52 PM
Thank you so much for the information and a very fast reaction/solution.
Now, I just need a password I'll remember.. hmmmm.
#4
Posted 09 April 2014 - 09:52 PM
Good idea, I was just changing passwords for other sites.
#5
Posted 19 April 2014 - 11:48 AM
Does that mean I have to change all my passwords again? >_<
#6
Posted 19 April 2014 - 11:52 AM
The bug has been known to attack adjacent browser tabs so even after you change your password, remember to browse unpatched sites while keeping a buffer tab(can be blank) in-between to insulate yourself.
#7
Posted 19 April 2014 - 02:04 PM
The bug has been known to attack adjacent browser tabs so even after you change your password, remember to browse unpatched sites while keeping a buffer tab(can be blank) in-between to insulate yourself.
Is that actually true? Wouldn't that mean there is a vulnerability in the browser itself leaking information across tabs? The heartbleed vulnerability itself has to do with the heartbeat extension to the SSL spec which doesn't necessitate a browser at all...
Can you give me a source where you read this? I'm interested in knowing how it works.
#8
Posted 19 April 2014 - 02:32 PM
I'm with Hydrogen. I thought people were able to target websites, not browsers.
#9
Posted 19 April 2014 - 09:57 PM
Ok I made it up so people would start browsing with blank buffer tabs
#10
Posted 19 April 2014 - 10:14 PM
Ok I made it up so people would start browsing with blank buffer tabs
Oh you...
It may have convinced a few people who didn't know much about it.
#11
Posted 04 May 2014 - 06:36 AM
Super helpful, thanks!
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users