Announcement Heartbleed - OpenSSL Vulnerability

[Art Andrews]

Over the past 24 hours, there has been a tremendous amount of news about a serious vulnerability in a secure communications library called OpenSSL, commonly referred to as “Heartbleed.” This vulnerability allows a third party to read supposedly secure, encrypted communication between a user and a server.

Currently, the RPF infrastructure and support systems are not affected by this vulnerability and no user information has been compromised.

When a vulnerability like this pops up, it’s often best to reset your password (and check that your account email is valid). Even if your account is secure here at the RPF, if you’re using the same password on a site that was compromised, your account may be at risk.

We are continuing to monitor our servers and communications with third party services for any potential issues. If you have any questions or concerns, feel free to post them up.

 

[Hotsam]

Thanks for letting us know!

RPF infrastructure and support systems are not affected by this vulnerability

Also best to check if the domain you use is no longer vulnerable before you reset your password, otherwise your details are still exposed. There are various scanning tools for this job. I've spent the last few hours checking all the websites I use and none of these are vulnerable. I think the heartbleed error was patched up quickly globally - but best to be cautious!

Here is a good info site
BBC News - Heartbleed Bug: Public urged to reset all passwords

 

[SigsegV]

Thanks a ton for posting this. I just wish every site would let users know whether or not they were vulnerable.