Page 1 of 1

Heartbleed bug - We Are Secure

PostPosted: Thu Apr 10, 2014 8:32 pm
by Ben Chiu
You may have read about the Heartbleed SSL bug that exposes user data the last couple of days. I just wanted to let everyone know that we are secure and have not ever been affected by this so all of our data remains secure.

If you want to read up more on this (many institutions are affected with is essentially a data breach of major proportions), here are a couple of good references:

http://www.washingtonpost.com/news/morning-mix/wp/2014/04/09/major-bug-called-heartbleed-exposes-data-across-the-internet/

http://heartbleed.com/

Re: Heartbleed bug - We Are Secure

PostPosted: Sat Apr 12, 2014 12:09 pm
by Ben Chiu
An additional note regarding Heartbleed, it looks like most of the bigger services had already patched their systems before the news about this bug was released, however, Yahoo (again) is caught behind the curve. I've always warned anyone with a Yahoo account that it was the worst regarding security!

(Full disclosure: I was formerly employed by MSN and Microsoft, competitors of Yahoo, but my opinions are based on my personal cumulative experiences and knowledge. I do have financial connection with the success of Microsoft, but this does not influence my opinion of Yahoo's security issues and implementation policy.)

If you're interested, read more about Heartbleed and Yahoo here:
http://www.cnet.com/news/how-to-protect-yourself-from-the-heartbleed-bug/

Re: Heartbleed bug - We Are Secure

PostPosted: Mon Apr 14, 2014 3:09 pm
by Ben Chiu
Pat sent me the following. It lists the 100 top sites and their status and recommendations regarding Heartbleed.

Heartbleed bug: Check which sites have been patched http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/

You can also check any web site using this online tool:
https://www.ssllabs.com/ssltest/index.html

In case you're interested we got an A. ;)
https://www.ssllabs.com/ssltest/analyze.html?d=alliancedigitalstudios.com