
Heartbleed bug: need to reset passwords?

Posted: Wed Apr 09, 2014 5:52 pm
by Dot Matrix
This has just been reported on the BBC news website: Heartbleed Bug: Public urged to reset all passwords. It's a flaw in OpenSSL that's been around for over two years.

How serious a problem is it? "Catastrophic. On a scale of 1 to 10, this is an 11."

Amazon's hosting service is mentioned (in the context of Minecraft) in a related BBC article: Scramble to fix huge 'heartbleed' security bug.

Do Kitely users need to do anything? If so, what?

Re: Heartbleed bug: need to reset passwords?

Posted: Wed Apr 09, 2014 6:13 pm
by Ilan Tochner
Hi Dot,

We've checked and our service doesn't use the OpenSSL library, so there shouldn't be anything to patch in Kitely.

Re: Heartbleed bug: need to reset passwords?

Posted: Wed Apr 09, 2014 6:37 pm
by Constance Peregrine

Re: Heartbleed bug: need to reset passwords?

Posted: Thu Apr 10, 2014 2:16 pm
by Cecil Gudkov
FIRST OF ALL KITELY DOESN'T USE THE OpenSSL Library! ALL IS SECURE HERE WITH THIS SECURITY ISSUE!

As of 7th April, we became aware of a serious security issue called “Heartbleed” in the OpenSSL encryption software that is widely used today. This problem has the potential to affect anyone who has any kind of online account. This vulnerability could allow intruders to access private encrypted data that is transferred online.
If possible, you should set up two-level authorisation on these services. This can be done by registering your mobile phone number with them or setting up a secret question, etc.
Before changing a password or logging in to a website, you should make sure that the site has also had this vulnerability removed – you may do so by performing an SSL Server test: https://www.ssllabs.com/ssltest

It is better for you guys to set up two-level authorisation on these services!
Change to a new password that should consist of capital letters, lower-case letters and numbers.
The password should be at least 8 characters long.

Hope this info is useful for some of you!

by Cecil

Re: Heartbleed bug: need to reset passwords?

Posted: Thu Apr 10, 2014 3:54 pm
by Handy Low
Cecil Gudkov wrote: password that should consist of capital letters, lower-case letters and numbers.
Not really. I'll put this here: http://xkcd.com/936/
(For those that know it, it's the "correct horse battery staple" one).

As we've talked about before in these forums, we really need longer passwords for viewer logins, but it's not something that can be fixed just in Kitely.