[bitfolk] Regarding possible exposure of your BitFolk account credentials via the "heartbleed" vulnerability

On Tue, Apr 08, 2014 at 06:21:58PM +0000, Andy Smith wrote: Some information about the possible exposure of your BitFolk credentials to this bug: - https://tools.bitfolk.com/… (wiki, feature tracker, cacti) Hosts terminating these SSL sessions were upgraded to Debian wheezy on September 22nd 2013 so there was therefore a window between then and Tuesday 8th April 2014 during which the vulnerable versions of OpenSSL were being run. An attacker with knowledge of the bug could conceivably have abused it to read server memory, which could possibly have contained your BitFolk credentials. The likelihood of someone who was already aware of this bug using it to steal credentials of BitFolk customers from our wiki / tracker / cacti sites inside the 6.5 month window seem very low, but if you think you have logged in to any of those sites since last September then you may wish to change your passwords as a precaution. You can change your password via: https://panel.bitfolk.com/account/security/ The SSL cert has since been replaced. - https://bitfolk.com/ https://panel.bitfolk.com/ https://nagios.bitfolk.com/nagios/ These sites have never run vulnerable versions of the OpenSSL libraries. Cheers, Andy -- http://bitfolk.com/ -- No-nonsense VPS hosting _______________________________________________ announce mailing list announce(a)lists.bitfolk.com https://lists.bitfolk.com/mailman/listinfo/announce