Last week, a very serious bug in OpenSSL was disclosed. OpenSSL, a set of open source tools to handle secure communication, is used by most Internet websites. This bug, nicknamed Heartbleed, allowed an attacker to read sensitive information from vulnerable servers and possibly steal things like passwords, cookies, and encryption keys.
Was WordPress.com vulnerable to Heartbleed?
Yes. WordPress.com servers were running the latest version of OpenSSL, which was vulnerable. We generally run the latest version of OpenSSL to enable performance enhancements, such as SPDY, for our users. The non-vulnerable versions of OpenSSL were over two years old.
Has WordPress.com fixed the issue?
Yes. We patched all of our servers within a few hours of the public disclosure.
Has WordPress.com replaced all SSL certificates and private keys?
Yes. Out of an abundance of caution, we have replaced all of our SSL certificates, along with regenerating all of the associated…
View original post 98 more words
Pingback: URL
Test
LikeLike
I wrote on the 10th of April.
For those people concerned about the breaches of security as announced in the media, here a way to test if you have been compromised in using passwords and user names.. No one can do anything to rectify the problem individually. Only the service provider can do that.
http://filippo.io/Heartbleed/
LikeLike
Thank you for putting this up. I did catch up with it some time or other. How come no-one has pinched anything out of my bank account ever yet I often wonder. They must be nice.
LikeLike
Some Australian banks managed to dodge the security issue, whether it’s because they use different encryption, or better antivirals, I’m unsure.
LikeLike
I’m glad WordPress has renewed it’s certificates. I was certified once.
LikeLike
Should I change my WordPress.com password?
If you want to, you are welcome to change your password. If you are using the same password other places on the Internet, we urge you to change your password and remind you to use unique passwords wherever possible.
LikeLike
Thanks.
LikeLike