Values: Be Honest

Announcement

Collapse
No announcement yet.

PheromoneXS Statement on The Heartbleed Bug

Collapse
X
Collapse

  • PheromoneXS Statement on The Heartbleed Bug

    Hey everyone,
    just wanted to let you know that The Heartbleed bug was patched a few hours after its release(2 days ago).
    As you know we always keep our servers and platforms secure and updated

    The Heartbleed is a defect in OpenSSL, a core cryptographic library that is used to protect communications on the Internet. This flaw affects a substantial number of applications and services running on the Internet.

    We have no evidence that PheromoneXS and DiscoverXS user credentials were compromised, but recommend that our customers change their passwords as a precautionary measure.

    Due to the widespread nature of this vulnerability, we recommend changing your passwords across the web too.

    For mobiles Google recently announced that andoid phones running Android OS newer than 4.1.1 are immune to this security flaw, but you should change your gmail login as soon as possible.

    More info on the Heartbleed Bug can be found here:

    The Heartbleed Hit List: The Passwords You Need to Change Right Now
    http://mashable.com/2014/04/09/heart...ites-affected/

    Google Services Updated to Address OpenSSL CVE-2014-0160 (the Heartbleed bug)
    http://googleonlinesecurity.blogspot...o-address.html

    'Heartbleed' bug undoes Web encryption, reveals Yahoo passwords
    http://www.cnet.com/news/heartbleed-...ser-passwords/

    Websites affected by Heartbleed: Change your Gmail, Facebook and Yahoo passwords soon
    http://tech.firstpost.com/news-analy...on-221526.html

    Massive Security Bug In OpenSSL Could Affect A Huge Chunk Of The Internet
    http://techcrunch.com/2014/04/07/mas...-the-internet/

    Tumblr - Urgent security update
    http://staff.tumblr.com/post/8211303...ecurity-update

    Google has patched most of its major services from the 'Heartbleed' security bug
    http://www.engadget.com/2014/04/09/g...ed-patch-info/

    What You Need to Know About Heartbleed, the New Security Bug Scaring the Internet
    http://www.thewire.com/technology/20...ternet/360366/


    Full list of affected sites and services:
    https://github.com/musalbas/heartble...er/top1000.txt


    Website to test is your bank / site / service vulnerable:
    http://filippo.io/Heartbleed/



    http://heartbleed.com/



    http://i.imgur.com/ZvVVbZq.jpg

    • SteveO
      #4
      SteveO commented
      Editing a comment
      From what our Bad-Ass Technical Mater, Mr. Idle explained to me this never really was an issue to us. I remember him going to some exceptional processes to make sure some "bug" that I never even heard of was corrected. I thought he was being a little paranoid until two days later. Then the proverbially hit the fan! My news-feed was bombardedwith this heartbleed thing so like I usually do I forwarded them to Idle.

      I really thought I had found something that Idle wasn't aware of because he never mentioned heartbleed the day he had fixed it. I thought that was just him keeping a lockdown on our server like he normally does. So to my surprise and much delight he said this is what he had already patched two days prior.

      I wanted everyone to know just how amazing Idle is, not to blow smoke, but to ensure you that you can rest easy knowing he is on the job. This guy updates every little thing like always. I'm kind of easy-going on stuff like updates, but I get it. The guy is a champ and we are fortunate to have him as a part of our community.

      There's a lot of out there but we have and to make

    • masterfu678
      #5
      masterfu678 commented
      Editing a comment
      the name and logo looks creepy

    • idle
      #6
      idle commented
      Editing a comment
      Wow thanks Steve

      So you finally agree with me that paranoid is a good thing when it comes to server security
      Sorry if anyone anytime experienced weird errors or problems for no reason(in the recent years) but this was coming from the overprotective security settings.

      as for the heart bleed
      when it was patched it was just knows as CVE-2014-0160
      At first i mention to Steve that another serous part of the server needs patching
      but he hears this almost every day along and does not pay attention to my stuff
      (he just know that something somewhere somehow was fixed and we have it)
      His reaction was funny the next day when Heart bleed blew out the news


      So here is another helpful image that is floating around


      http://i.imgur.com/ZvVVbZq.jpg


    Posting comments is disabled.

Latest Articles

Collapse

Working...
X