There's been a lot in the press the last couple of days about a webserver security vulnerability known as Heartbleed.
You can read more about it here: http://heartbleed.com
A high number of high-profile websites have proven to be vulnerable, and users have been advised to change their passwords. There's a great list here:
http://mashable.com/2014/04/09/heartble ... -affected/
As you can see, sites and services like Amazon, Gmail etc have been affected.
The good news is that Heartland is not affected by this issue.
The way we handle user accounts & logins means this bug in older versions of SSL does not apply to us. The same applies to the SistersWiki.
Having said that, OpenSSL is installed on the Heartland webserver, but as of wednesday afternoon has been patched to the latest secure version.
In short, you do not need to change your Heartland password.
We would, however, recommend you change your passwords on the sites mentioned in that article above
Heartbleed - we are not affected
- radiojamaica
- Overbomber
- Posts: 4875
- Joined: 11 Apr 2005, 16:51
- Location: Tower of Bass
Good one, Herr Quiffster
in dub we trust
- Johnny Rev 7.0
- Banned
- Posts: 1134
- Joined: 09 Sep 2006, 22:15
- Location: A place I go where no one knows
Thanks very much Barry, and I'll endorse Bine's and Koen's comments above, for the sterling work you do behind the scenes to keep HL safe.
As you know, I'm not much of a geeky boy, and the Heartbleed thingy is kinda over my head, but I do have one question:
Can I still buy a cheap kitchen via Announcements on HL?
TIA.
As you know, I'm not much of a geeky boy, and the Heartbleed thingy is kinda over my head, but I do have one question:
Can I still buy a cheap kitchen via Announcements on HL?
TIA.
What a season
to be beautiful
without a reason
to be beautiful
without a reason
seems it's possible http://www.myheartland.co.uk/viewtopic.php?t=24093Johnny Rev 7.0 wrote: Heartbleed thingy is kinda over my head, but I do have one question:
Can I still buy a cheap kitchen via Announcements on HL?
TIA.
Thanks for the update Barry.
It seems the entire interweb's in confusion over the amount of risk there is.
Glad you got a patch on.
- Johnny Rev 7.0
- Banned
- Posts: 1134
- Joined: 09 Sep 2006, 22:15
- Location: A place I go where no one knows
Blimey! I never knew Quiffy had stopped smoking.Pista wrote:Glad you got a patch on.
Or even started, for that matter.
What a season
to be beautiful
without a reason
to be beautiful
without a reason
- markfiend
- goriller of form 3b
- Posts: 21181
- Joined: 11 Nov 2003, 10:55
- Location: st custards
- Contact:
Obviously I can't say too much, but this...
XKCD has an explanation of how the heartbleed bug works: http://xkcd.com/1354/
I wish I could say the same about work. All patched now of course, but a lot of work was involved.Heartland is not affected by this issue
XKCD has an explanation of how the heartbleed bug works: http://xkcd.com/1354/
The fundamental cause of the trouble is that in the modern world the stupid are cocksure while the intelligent are full of doubt.
—Bertrand Russell
—Bertrand Russell
- Quiff Boy
- Herr Administrator
- Posts: 16795
- Joined: 25 Jan 2002, 00:00
- Location: Lurking and fixing
- Contact:
Just a heads-up to let you know that I'm currently looking at a way of making Heartland run entirely over secure https
ie: https://www.myheartland.co.uk/
I've purchased the SSL certificate and begun setting it up on the server, but there's a bit more server setup and a bit of forum config required to make it all work seamlessly.
I'll be dabbling with this during the coming week, so apologies if you see any weirdness re: security messages from your browser - don't worry, it will just be me trying to get this working
I'll post more details when I have something concrete to report back
ie: https://www.myheartland.co.uk/
I've purchased the SSL certificate and begun setting it up on the server, but there's a bit more server setup and a bit of forum config required to make it all work seamlessly.
I'll be dabbling with this during the coming week, so apologies if you see any weirdness re: security messages from your browser - don't worry, it will just be me trying to get this working
I'll post more details when I have something concrete to report back
What’s the difference between a buffalo and a bison?
- Quiff Boy
- Herr Administrator
- Posts: 16795
- Joined: 25 Jan 2002, 00:00
- Location: Lurking and fixing
- Contact:
Seems to be working on Safari and Chrome, but Firefox is complaining about it being an invalid security certificate
Am working on it...
FWIW, we are definitely Heartbleed-proof
https://www.ssllabs.com/ssltest/analyze ... land.co.uk
Am working on it...
FWIW, we are definitely Heartbleed-proof
https://www.ssllabs.com/ssltest/analyze ... land.co.uk
What’s the difference between a buffalo and a bison?
Exception added on Firefox
Always trust MH
Always trust MH
'Are we the Baddies?'...
"Someday! Someday, everything you need, is just gonna fall out of the sky..." -A.E. Reading 1991
"Don't forget that most of the judges in witches trials had harvard degrees."
"Someday! Someday, everything you need, is just gonna fall out of the sky..." -A.E. Reading 1991
"Don't forget that most of the judges in witches trials had harvard degrees."
FF constantly informs me that HL is not trustworthy. i'm adding exceptions, but i have cleaning history with closing browser.
- lazarus corporation
- Lord Protector
- Posts: 3444
- Joined: 09 May 2004, 17:42
- Location: out there on a darkened road
- Contact:
Just been chatting with QB over email and he will be applying some technical wizardry (known as a "Post-GoT CRT Bundle File"). Should have it fixed soon.
- lazarus corporation
- Lord Protector
- Posts: 3444
- Joined: 09 May 2004, 17:42
- Location: out there on a darkened road
- Contact:
Should be fixed now.lazarus corporation wrote:Just been chatting with QB over email and he will be applying some technical wizardry (known as a "Post-GoT CRT Bundle File"). Should have it fixed soon.
- Nikolas Vitus Lagartija
- Overbomber
- Posts: 2485
- Joined: 04 Aug 2011, 23:35
- Location: Scotland
- Contact:
Well done, chaps I have no idea what any of the above means but I think it means that we can all sleep peacefully and carry on posting !