Heartbleed

dragonnn • 10 April 2014 at 4:49 PM

Not sure if this is the correct place to be posting this, and I'm not trying to stir up alarm, but is anyone else aware of this? Got a notification about it from my school.

Security threat Heartbleed. Attacks websites using versions of OpenSSL. User data may be stolen.

Link to check sites that have been hit/vulnerable: https://lastpass.com/heartbleed/?h=eggcave.com

Article on how to protect yourself: http://mashable.com/2014/04/09/heartbleed-what-to-do/

Information on threat: http://heartbleed.com/

The vulnerability checker says that eggcave is vulnerable...
Hoping staff members are aware/see this.

Orderedchaos • 10 April 2014 at 4:50 PM

@dragonnn A security patch was applied not long ago. I'm pretty sure Ian is both aware of this and making sure this site is secure.

dragonnn • 10 April 2014 at 4:52 PM

@Orderedchaos

All right.
Thank you for the quick and reassuring response!

Ian • 11 April 2014 at 2:59 PM

@dragonnn

Hello! Yes, a security patch was applied to Egg Cave immediately. We do not believe that our site was affected by this bug. In addition, any financial transactions were conducted on Stripe or PayPal, both of whom were also not affected by this bug.

PayPal:

https://www.paypal-community.com/t5/PayPal-Forward/OpenSSL-Heartbleed-Bug-PayPal-Account-Holders-are-Secure/ba-p/797568

With regards to Stripe, it more affects platform developers (i.e. us) and not any users who processed financial transactions through them:

https://stripe.com/blog/heartbleed

Topic closed.