What steps have been taken for the Heartbleed vulnerability by the BYOND Staff?
Was BYOND affected?
http://heartbleed.com/
ID:1540669
 Apr 9 2014, 3:35 pm
|
|
|
Apr 9 2014, 3:37 pm
|
|
Lige
  |
According to Tom yesterday, BYOND is not affected.
|
Lige wrote:
According to Tom yesterday, BYOND is not affected. Was this posted on the forum? Can you link to the id? | |
It was posted in our Moderator subforum. Even with a link to the id, I'm pretty sure it'd return you the default forums.
| |
Okay, I will wait for Tom to make an official statement.
Thank you. | |
This is the official statement: BYOND was not using a version of OpenSSL that was affected by this problem. There was never any possibility of it being exploited on BYOND.
| |
Thank you for the quick response Nadrew.
| |
Was doing this so hard :P
http://possible.lv/tools/hb/?domain=secure.byond.com http://possible.lv/tools/hb/?domain=byond.com | |
A.T.H.K wrote:
Was doing this so hard :P It could be possible they have already patched. Regardless, since BYOND isn't affected there's no action to take, but on websites that were affected, after they've been patched and reissued certificates, you're recommended to update your password. | |
Flame Sage wrote:
It could be possible they have already patched. Checked it an hour after all the heartbleed stuff came out, still wasn't affected. Would be nice to know what OpenSSL version they are using anyway. Regardless, since BYOND isn't affected there's no action to take, but on websites that were affected, after they've been patched and reissued certificates, you're recommended to update your password. IFTTT is a good example of that. | |
I'll confirm the statements by the mods here: the BYOND webserver is not affected by this bug.
| |