Status Update Regarding Heartbleed
Hello All,
I wanted to take a second and explain the effects of the OpenSSL vulnerability Heartbleed on Scioly.org Services and any security issues that it may have caused.
For those of you who do not know what Heartbleed was or is, I am going to redirect you to two relevant XKCD comics: what the security issue was, and how it worked.
To address the common questions:
So how does this affect Scioly.org Services?
Well, it should not have caused any leaking of user data, as we do not use HTTPS to send data back and forth, and instead stick to plain old HTTP, which was unaffected by this vulnerability.
So you guys didn't do anything to fix this or are not worried about this bug?
No, as soon as this issue was announced, and I had time out of classes, I applied the fixes prescribed by the security warning released for our server's OS, which were to upgrade to the newest backported version of OpenSSL and restart any service that has a chance to use OpenSSL. This has fixed the OpenSSL vulnerability on our servers, so this is not an issue that can be exploited.
So what should I do as a user?
Well, there are a couple of things: first, if you use the same password on other sites that may have been affected, I suggest you change your password.
If you have any questions or issues with the way this issue was handled, please create a Feedback thread, or feel free to PM me.
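The post's fix was to upgrade OpenSSL and restart every service that might use it. The following is an added example, not part of the original post or the site's own tooling, of one way to confirm on a Linux host that no running process still has the pre-upgrade library loaded. The function names and the sample process tree are constructed for illustration.

```shell
# Report processes that still map the pre-upgrade libssl/libcrypto.
# Usage: stale_openssl_procs [PROC_ROOT]   (defaults to /proc; run as root)
stale_openssl_procs() (
    root="${1:-/proc}"
    for dir in "$root"/[0-9]*; do
        [ -f "$dir/maps" ] || continue
        # Once the upgrade replaces the .so on disk, a still-running process
        # shows its old copy as "(deleted)" in maps until it is restarted.
        if grep -Eq 'lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)$' "$dir/maps" 2>/dev/null; then
            printf '%s %s\n' "${dir##*/}" "$(cat "$dir/comm" 2>/dev/null || echo '?')"
        fi
    done
)

# Constructed sample: a fake /proc tree with one stale and one restarted process.
make_sample_proc() (
    tmp="$(mktemp -d)"
    mkdir -p "$tmp/101" "$tmp/202"
    echo httpd > "$tmp/101/comm"
    echo '7f3a1c000000-7f3a1c05e000 r-xp 00000000 08:01 131 /usr/lib/libssl.so.1.0.0 (deleted)' > "$tmp/101/maps"
    echo sshd > "$tmp/202/comm"
    echo '7f9b2d000000-7f9b2d05e000 r-xp 00000000 08:01 977 /usr/lib/libssl.so.1.0.0' > "$tmp/202/maps"
    echo "$tmp"
)

sample="$(make_sample_proc)"
stale_openssl_procs "$sample"     # prints: 101 httpd
rm -rf "$sample"
```

Any PID it lists on a real host belongs to a service that was not restarted after the upgrade and is still running the old library code.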