Heartbleed and Blackfly

Submitted by adixon on Wed, 04/09/2014 - 15:40

The newly discovered Heartbleed bug did affect our servers, which use OpenSSL for HTTPS websites.

We've made use of the upstream patches for our version of Linux and our tests confirm that the vulnerability is now closed.

In theory, this vulnerability could have been used to gain unauthorized access to the servers, but we don't expect this is likely because we don't store financial/credit card/other valuable data on our servers, and there are many more valuable targets out there (it's good to be small, in this case).

We'll be following up with a more detailed audit of our logs and will review this assumption, and we'll follow the recommended procedure of changing our administration passwords.

Hey, and guess what? Here's a post from a couple of weeks ago talking about exactly this possibility: