"Heartbleed" security vulnerability

Apr. 8th, 2014 08:16 pm
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)
[staff profile] denise posting in [site community profile] dw_maintenance
For those who have seen reference today in the press to the "Heartbleed" security vulnerability in OpenSSL, we'd like to reassure you that although we (like a large portion of the internet) were running the affected software, we patched our servers last night and were no longer vulnerable from that point.

We have no reason to believe that anyone was exploiting this vulnerability against us or that any user data has been compromised. We'll be changing our security certificates for extra confidence.

On the other hand, the nature of this vulnerablity means that it's impossible for a website to know for absolute certain whether someone was exploiting it. If someone was exploiting the vulnerability, against us or against any other website, they potentially have access to any information you sent to the site, including your username/password for the site and any data you sent to the site under HTTPS. It's a good idea to change your passwords pretty much everywhere, but don't do it until you can verify that a site is no longer vulnerable.

If you have any questions, feel free to ask!

Profile

jeshyr

April 2014

S M T W T F S
  12345
6789101112
13141516171819
20212223242526
27282930   

Style Credit

Expand Cut Tags

No cut tags
Page generated Apr. 19th, 2014 02:35 am
Powered by Dreamwidth Studios