Heartbleed and how it affects you
This blog post explains in brief what the Heartbleed Bug is, how it affected Sourcefabric services, and what you should do to improve your security.
Heartbleed is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows information -- including traffic, the names and passwords of users and the actual content -- to be stolen. Heartbleed affects much of the internet.
Many, many servers on the web use OpenSSL. Like them Sourcefabric’s web servers and software-as-a-service sites (Airtime Pro, Booktype Pro, Newscoop Pro and Superdesk Pro) were affected, as were login.sourcefabric.org and account.sourcefabric.com.
Sourcefabric is no longer vulnerable to Heartbleed. All Sourcefabric servers have been updated. We highly recommend, however, that you log out of any and all Sourcefabric accounts and reset your passwords. While we have no evidence that your data has been compromised, better safe than sorry.
Sourcefabric does not ship OpenSSL with any of our software. Heartbleed may affect your systems, however. We strongly recommend you check with any other hosting providers you are using to see how your data may be affected.
If you need further information, please visit these sites:
-
Codenomicon: The Heartbleed Bug
-
Mashable: The Heartbleed Hit List: The Passwords You Need to Change Right Now
-
Lifehacker: What the "Heartbleed" Security Bug Means For You
-
Schneier on Security: Heartbleed