CKRSCCA & the Heartbleed Bug

General CKR Happenings
Forum rules
NOTE: All content in this forum is displayed publicly on the web to all users, regardless of being logged in.
Michael
Site Admin
Posts: 3295
Joined: Wed May 09, 2007 10:40 pm
Location: Lexington, KY
Contact:

CKRSCCA & the Heartbleed Bug

Post by Michael »

The OpenSSL Heartbleed bug has been making significant news lately. It's a bug in certain OpenSSL implementations that can leak sensitive data from supposedly secure host systems, including passwords.

CKRSCCA, like many small sites and forums, does not utilize SSL (https sites in your browser) so we are not affected. However, on forums and sites such as CKR you should not used passwords that you use anywhere else, you should have a unique password in the case that if your password was compromised here the attacker could not use your sensitive information to gain access to other systems. You should never use the same password for your email account on any website, secure or not.

Our registration service Motorsportreg does use SSL however, and they have their own response at http://blog.motorsportreg.com/heartblee ... y-response TL;DR is that they were not using an affected version of OpenSSL.

For a list of popular websites and their status, there is a great hit list here: http://mashable.com/2014/04/09/heartble ... -affected/ We suggest everyone should review this list and change passwords as appropriate.

You can read more about the Heartbleed bug on http://heartbleed.com/