denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)
Denise ([staff profile] denise) wrote in [site community profile] dw_maintenance2014-04-08 08:16 pm
  • Add Memory
  • Share This Entry

"Heartbleed" security vulnerability

For those who have seen reference today in the press to the "Heartbleed" security vulnerability in OpenSSL, we'd like to reassure you that although we (like a large portion of the internet) were running the affected software, we patched our servers last night and were no longer vulnerable from that point.

We have no reason to believe that anyone was exploiting this vulnerability against us or that any user data has been compromised. We'll be changing our security certificates for extra confidence.

On the other hand, the nature of this vulnerablity means that it's impossible for a website to know for absolute certain whether someone was exploiting it. If someone was exploiting the vulnerability, against us or against any other website, they potentially have access to any information you sent to the site, including your username/password for the site and any data you sent to the site under HTTPS. It's a good idea to change your passwords pretty much everywhere, but don't do it until you can verify that a site is no longer vulnerable.

If you have any questions, feel free to ask!
Flat | Top-Level Comments Only
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)

[staff profile] denise 2014-04-09 02:42 am (UTC)(link)
Well, my recommendation to people to change all their passwords is mostly based on the assumption that many people reuse passwords (or use passwords based on an easily-guessable site-specific variation). Also the fact that most people don't change their passwords as often as they should and anything that gets people to change passwords is probably a good thing ;)

[personal profile] alexbayleaf 2014-04-09 02:59 am (UTC)(link)
Heh, yeah :) Unfortunately this morning I woke up to a huge swathe of my twitter list panicking about the world ending or something, because that's the way the media's been pitching it, so I've spent a good part of my morning talking them down.
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)

[staff profile] denise 2014-04-09 03:09 am (UTC)(link)
Yeah, I know what you mean. I can't count the number of people I've seen who are confused about whether this is something affecting their own computer's sofware or not. Why is mainstream tech journalist just so bad sometimes? Argh.

[personal profile] alexbayleaf 2014-04-09 03:13 am (UTC)(link)
I have some sort of philosophical thoughts about how this filtered out into mainstream media, here. I refrained from posting in this thread because it didn't really seem the right place, but you might be interested?
Flat | Top-Level Comments Only