Heartbleed - we are not affected

[Quiff Boy]

There's been a lot in the press the last couple of days about a webserver security vulnerability known as Heartbleed.

You can read more about it here: http://heartbleed.com

A high number of high-profile websites have proven to be vulnerable, and users have been advised to change their passwords. There's a great list here:

http://mashable.com/2014/04/09/heartble ... -affected/

As you can see, sites and services like Amazon, Gmail etc have been affected.

The good news is that Heartland is not affected by this issue.

The way we handle user accounts & logins means this bug in older versions of SSL does not apply to us. The same applies to the SistersWiki.

Having said that, OpenSSL is installed on the Heartland webserver, but as of wednesday afternoon has been patched to the latest secure version.

In short, you do not need to change your Heartland password.

We would, however, recommend you change your passwords on the sites mentioned in that article above

[Being645]

You're perfect ... ... ...

[radiojamaica]

Good one, Herr Quiffster

[Johnny Rev 7.0]

Thanks very much Barry, and I'll endorse Bine's and Koen's comments above, for the sterling work you do behind the scenes to keep HL safe.

As you know, I'm not much of a geeky boy, and the Heartbleed thingy is kinda over my head, but I do have one question:

Can I still buy a cheap kitchen via Announcements on HL?

TIA.

[Pista]

Heartbleed thingy is kinda over my head, but I do have one question:

Can I still buy a cheap kitchen via Announcements on HL?

TIA.

seems it's possible http://www.myheartland.co.uk/viewtopic.php?t=24093

Thanks for the update Barry.
It seems the entire interweb's in confusion over the amount of risk there is.
Glad you got a patch on.

[Johnny Rev 7.0]

Glad you got a patch on.

Blimey! I never knew Quiffy had stopped smoking.

Or even started, for that matter.

[markfiend]

Obviously I can't say too much, but this...

Heartland is not affected by this issue

I wish I could say the same about work. All patched now of course, but a lot of work was involved.

XKCD has an explanation of how the heartbleed bug works: http://xkcd.com/1354/

[Quiff Boy]

Just a heads-up to let you know that I'm currently looking at a way of making Heartland run entirely over secure https

ie: https://www.myheartland.co.uk/

I've purchased the SSL certificate and begun setting it up on the server, but there's a bit more server setup and a bit of forum config required to make it all work seamlessly.

I'll be dabbling with this during the coming week, so apologies if you see any weirdness re: security messages from your browser - don't worry, it will just be me trying to get this working

I'll post more details when I have something concrete to report back

[markfiend]

Fun fun fun!

[Quiff Boy]

Seems to be working on Safari and Chrome, but Firefox is complaining about it being an invalid security certificate

Am working on it...

FWIW, we are definitely Heartbleed-proof

https://www.ssllabs.com/ssltest/analyze ... land.co.uk

[iesus]

Exception added on Firefox
Always trust MH

[Quiff Boy]

Right that should have sorted it for Firefox now too

[Pat]

Still getting problems on firefox, just had to add it as an exception

[Bartek]

FF constantly informs me that HL is not trustworthy. i'm adding exceptions, but i have cleaning history with closing browser.

[lazarus corporation]

Just been chatting with QB over email and he will be applying some technical wizardry (known as a "Post-GoT CRT Bundle File"). Should have it fixed soon.

[lazarus corporation]

Just been chatting with QB over email and he will be applying some technical wizardry (known as a "Post-GoT CRT Bundle File"). Should have it fixed soon.

Should be fixed now.

[Nikolas Vitus Lagartija]

Well done, chaps I have no idea what any of the above means but I think it means that we can all sleep peacefully and carry on posting !

[Quiff Boy]

Thanks Laz

[Bartek]

it is fixed!