Heartbleed bug - we weren't affected

News about UOAA and this Discussion Board.
Post Reply
User avatar
Bob Webtech
Site Admin
Posts: 1000
Joined: 2005-09-29 11:17:09

Heartbleed bug - we weren't affected

Post by Bob Webtech »

If you've heard of the recently discovered Heartbleed bug, you may be wondering if our site was affected and if you need to change your password on this board. The good news is that, based on an announcement from our hosting company DreamHost, we can conclude that the https implementation on this board wasn't using a vulnerable version of OpenSSL, so you don't need to change your password.

Please note, however, that if you've been using the same password on multiple sites, you should change passwords in order to use different passwords on different sites. This is to minimize the damage if any one site gets compromised.

For more information about Heartbleed, you can read pages on the CNET and PCWorld sites. See lists of popular websites from CNET and Mashable with recommendations on which passwords you need to change. And to help decide for other websites, see Heartbleed testers from Filippo Valsorda and from LastPass.

Note: for any website that's currently still vulnerable to Heartbleed, do not change your password or even log on. Wait for the website operators to fix the vulnerability; then change your password.

Bob Baumel, UOAA discussion board administrator
Post Reply