Heartbleed - we are not affected

Quiff Boy

There's been a lot in the press the last couple of days about a webserver security vulnerability known as Heartbleed.

You can read more about it here: http://heartbleed.com

A high number of high-profile websites have proven to be vulnerable, and users have been advised to change their passwords. There's a great list here:

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

As you can see, sites and services like Amazon, Gmail etc have been affected.

The good news is that Heartland is not affected by this issue.

The way we handle user accounts & logins means this bug in older versions of SSL does not apply to us. The same applies to the SistersWiki.

Having said that, OpenSSL is installed on the Heartland webserver, but as of wednesday afternoon has been patched to the latest secure version.

In short, you do not need to change your Heartland password. Smile

We would, however, recommend you change your passwords on the sites mentioned in that article above Wierded Out

_________________
the cake is a lie
the cake is a lie
the cake is a lie
the cake is a lie

Being645 · Post #2 Posted: Fri Apr 11, 2014 11:46 am Post subject:

You're perfect ... We are not worthy!

...

...

radiojamaica · Post #3 Posted: Fri Apr 11, 2014 4:34 pm Post subject:

Good one, Herr Quiffster We are not worthy!

_________________
in dub we trust

Johnny Rev 7.0 · Post #4 Posted: Fri Apr 11, 2014 5:48 pm Post subject:

Thanks very much Barry, and I'll endorse Bine's and Koen's comments above, for the sterling work you do behind the scenes to keep HL safe. We are not worthy!

As you know, I'm not much of a geeky boy, and the Heartbleed thingy is kinda over my head, but I do have one question:

Can I still buy a cheap kitchen via Announcements on HL?

TIA. Kiss

_________________
What a season
to be beautiful
without a reason

Pista · Post #5 Posted: Sat Apr 12, 2014 12:14 pm Post subject:

Johnny Rev 7.0 · Post #6 Posted: Sat Apr 12, 2014 4:14 pm Post subject:

markfiend · Post #7 Posted: Mon Apr 14, 2014 8:59 am Post subject:

Obviously I can't say too much, but this...

Quiff Boy · Post #8 Posted: Mon Apr 14, 2014 11:16 am Post subject:

Just a heads-up to let you know that I'm currently looking at a way of making Heartland run entirely over secure https

ie: https://www.myheartland.co.uk/

I've purchased the SSL certificate and begun setting it up on the server, but there's a bit more server setup and a bit of forum config required to make it all work seamlessly.

I'll be dabbling with this during the coming week, so apologies if you see any weirdness re: security messages from your browser - don't worry, it will just be me trying to get this working Wierded Out

I'll post more details when I have something concrete to report back Cool

_________________
the cake is a lie
the cake is a lie
the cake is a lie
the cake is a lie

markfiend · Post #9 Posted: Mon Apr 14, 2014 11:28 am Post subject:

Fun fun fun!
_________________
it is my firm belief that it is a mistake to hold firm beliefs

Quiff Boy · Post #10 Posted: Mon Apr 14, 2014 12:15 pm Post subject:

Seems to be working on Safari and Chrome, but Firefox is complaining about it being an invalid security certificate Sad

Am working on it...

FWIW, we are definitely Heartbleed-proof Wink

https://www.ssllabs.com/ssltest/analyze.html?d=www.myheartland.co.uk
_________________
the cake is a lie
the cake is a lie
the cake is a lie
the cake is a lie

iesus · Overbomber Joined: 15 Mar 2006 Posts: 3047 Location: x-EU

Exception added on Firefox Mr. Green

Always trust MH Very Happy

_________________
Goths play Golf too ...
"Someday! Someday, everything you need, is just gonna fall out of the sky..." -A.E. Reading 1991

Quiff Boy · Post #12 Posted: Mon Apr 14, 2014 12:52 pm Post subject:

Right that should have sorted it for Firefox now too Cool

_________________
the cake is a lie
the cake is a lie
the cake is a lie
the cake is a lie

Pat · Post #13 Posted: Mon Apr 14, 2014 4:30 pm Post subject:

Still getting problems on firefox, just had to add it as an exception
_________________
flickr

Bartek · Underneath the Rock Joined: 17 Sep 2005 Posts: 5775

FF constantly informs me that HL is not trustworthy. i'm adding exceptions, but i have cleaning history with closing browser.
_________________
Sie sehen mein Herz am rechten Fleck/Doch sehe ich dann nach unten weg/Da schlägt es links

lazarus corporation · Post #15 Posted: Mon Apr 14, 2014 9:26 pm Post subject:

Just been chatting with QB over email and he will be applying some technical wizardry (known as a "Post-GoT CRT Bundle File"). Should have it fixed soon.
_________________
NEW: Artwork, and lots of it

lazarus corporation · Post #16 Posted: Mon Apr 14, 2014 9:43 pm Post subject:

Nikolas Vitus Lagartija · Post #17 Posted: Mon Apr 14, 2014 10:14 pm Post subject:

Well done, chaps We are not worthy!

I have no idea what any of the above means but I think it means that we can all sleep peacefully and carry on posting !

Quiff Boy · Post #18 Posted: Mon Apr 14, 2014 10:18 pm Post subject:

Thanks Laz Wink

_________________
the cake is a lie
the cake is a lie
the cake is a lie
the cake is a lie

Bartek · Underneath the Rock Joined: 17 Sep 2005 Posts: 5775

it is fixed! We are not worthy!

_________________
Sie sehen mein Herz am rechten Fleck/Doch sehe ich dann nach unten weg/Da schlägt es links