Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Heartbleed

  1. #1
    Join Date
    Jul 2009
    Posts
    80

    Default Heartbleed

    I was wondering how you are with this Heartbleed nasty that's around. Is your website updated to protect transactions or should we change passwords?

  2. #2
    Join Date
    Jul 2009
    Location
    Cornwall
    Posts
    3,172

    Default

    I don't know anything about it Pru. I'd be interested to know what others think.

  3. #3
    Join Date
    Jul 2009
    Location
    Romsey
    Posts
    5,087

    Default

    It's a bug that has recently been unveiled in the OpenSSL (secure sockets layer) implementations used extremely widely for encrypted traffic. AFAICT it affects all Linux-based implementations - but I don't think any MS IIS installations are affected. Which makes me grumpy

    http://en.wikipedia.org/wiki/Heartbleed

    A bit of a bugger, all told. It's good practice to regularly change passwords anyway.

  4. #4
    Join Date
    Jul 2009
    Posts
    80

    Default

    As far as my non-techy brain understands it's a matter of whether sites using online trading software are using the particular (I believe common) software affected and whether the site has been patched against this Heartbleed pest. Hence the question. Beyond that I dunno nutin'!

    But I spend lots of money here so it'd be good to know it's all OK.

    ((and hi Carole! :wave

  5. #5
    Join Date
    Jul 2009
    Posts
    80

    Default

    So has the Cooksons site been updated do you know Peter?

    I understand you need to change passwords after a site has been made secure.
    Last edited by Somersetmaker; 22-04-2014 at 02:03 PM.

  6. #6
    Join Date
    Jul 2009
    Location
    Romsey
    Posts
    5,087

    Default

    It's not just trading sites - Wikipedia was using a flawed implementation.

    Cooksons, despite my mocking (and now having to eat a little bit of humble pie) I believe use Microsoft IIS - which does not use OpenSSL at all. I'd wait for Rob to confirm that though (the IIS bit, I know IIS doesn't use OpenSSL).

  7. #7
    Join Date
    Apr 2009
    Location
    Birmingham, West Midlands
    Posts
    161

    Default

    Hi,
    As Peter has said, we use IIS and this doesn't use OpenSSL. Cooksongold has recently had a PCI security scan run on it, which it has passed.
    Regards
    Dave
    _______________________________________________
    Web: http://www.cooksongold.com/
    Forum: http://www.cooksongold.com/forum/
    Blog: http://www.cooksongold.com/blog/

  8. #8
    Join Date
    Jul 2009
    Posts
    80

    Default

    Excellent! Many thanks Dave and Peter.

  9. #9
    Join Date
    Jul 2009
    Location
    Cornwall
    Posts
    3,172

    Default

    How do I find out what my site uses? I use Magento, if that's any help.

  10. #10
    Join Date
    Jul 2009
    Location
    Romsey
    Posts
    5,087

    Default

    Magento is open-source and runs on LAMP - which stands for Linux, Apache, MySQL, PHP. So, it's very likely that OpenSSL is in use there and will need to be patched. Assuming you aren't running your own server at home, I'd ask your hosting company about it.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •