Heartbleed bug and encryption
So, I feel the need to ask.
When I log in, I get a popup window with no indication that I'm aware of that the transmission of my user id and password is encrypted at all.
Assuming it is encrypted, is the sift using OpenSSL and using the vulnerable version that had the heartbleed bug?
Thanks.
When I log in, I get a popup window with no indication that I'm aware of that the transmission of my user id and password is encrypted at all.
Assuming it is encrypted, is the sift using OpenSSL and using the vulnerable version that had the heartbleed bug?
Thanks.
5 Comments
Good question for @dag and @lucky760!
As any geek will be able to tell you, our login capability was not affected by Heartbleed...
because our login form is not encrypted.
We did upgrade everything within a day or so that Heartbleed was announced because there are other SSL-related things that may have been affected, but our logins have always been vulnerable to sniffing without the aid of a massive two-year bug in SSL.
Thanks. Why isn't our login encrypted?
As any geek will be able to tell you, our login capability was not affected by Heartbleed...
because our login form is not encrypted.
We did upgrade everything within a day or so that Heartbleed was announced because there are other SSL-related things that may have been affected, but our logins have always been vulnerable to sniffing without the aid of a massive two-year bug in SSL.
*silver
Awarding VoodooV with one star point for this contribution to VideoSift - declared quality by eric3579.
Discuss...
Enable JavaScript to submit a comment.