Tuesday, 8 April 2014
Problem: SE is open to an OpenSSL vulnerability
Description: The Heartbeat bug exist in the version of OpenSSL we are using here. This can be used to get any information in active memory on this webserver. Considering how we lost Orignal SE, this might be a tempting target if not patched quickly.
[Problem Category: Logging In/Out] [by kylemcbitch @7:37pm] [Closed]
|steele said @7:38pm on 9th Apr status changed to: [Closed]|
Godaddy has quote "fully implemented the recommended patch for the Heartbleed SSL issue" Tester is showing us as good.
|steele said @3:26pm on 9th Apr |
Got an email back from godaddy. They're aware of the vulnerability and working on it. It's even on their status page. IOW, they've gotten a lot of emails about it ;)
Before anyone worries, I do have an up to date back up of the code and a back up of the database as of now. So even in a crash situation we can be back up in no time.
|steele said @7:47pm on 8th Apr status changed to: [Assigned]|
Working on it.