Heartbleed Bug Security Update
Heartbleed Bug Disclosure
On Monday April 7th, security researchers at the OpenSSL project announced a serious bug affecting OpenSSL, an open-source encryption library.
The bug became known as the Heartbleed bug. OpenSSL is a very popular server component to handle SSL connections and is used by many services including Conceptboard. An update to close the security hole this bug introduces was released together with the disclosure.
Conceptboard Security Updated
We sprang into action, and as of Tuesday April 8th, 12:10 UTC we’ve completed the recommended steps to ensure our site is not affected anymore. This includes upgrades for all relevant server components to the fixed version, as well as re-keying all of our SSL certificates, as is recommended.
Our user’s trust and security is of primary importance to us, which is why we reacted quickly to the news. As of now, there are no publicly known cases of attacks on any services using this bug, but due to the nature of the Heartbleed bug, it is hard to tell if a service and its users were affected. We advise all our users to change their passwords, as they are part of the information that could have been leaked due to this bug.
If you are interested in more technical details about the bug go to this information page for background information from Codenomicon, a security vendor who was involved in the discovery of this bug. You can validate our efforts in securing our SSL access with this SSL checker from Qualsys, a security vendor for cloud services.