Heartbleed

[Enginehouse]

Hi guys and girls.

In the interests of net safety might I suggest the you all type the above thread title into a decent search engine and discover precisely how this very nasty situation can affect us all. Not just a simple bug but a real "back door" problem associated with OpenSSL which is a method used by large numbers of machines and major backbone suppliers on their servers to "theoretically" protect users and their data. Well worth a read if you value your own personal data security.

If Yahoo with its vast resources and well over 8 million user base are in a panic over this, the scale of the problem can clearly be seen. Just changing user passwords WILL NO LONGER WORK, unless the web serving machine at the other end has been patched. Once the machine is confirmed as patched, then is the time to change your password and not before.

As a reseller of net facilities running our own backbone servers, we have updated our machines OpenSSL to a known safe version and have advised all of our clients to immediately replace their passwords. Not yet sure yet about our mySQL vulnerability but we are working on it.

There are lists of patched, safe and known public systems (such as Google etc) on the net. Secrecy is stupidity if it puts others at risk.