hubbubs response to Heartbleed, the OpenSSL vulnerability (CVE-2014-0160 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160) On Monday 4/7/2014 a vulnerability to OpenSSL was announced to the public. Essentially, this is a vulnerability in the protocol that encrypts https traffic in transit, between a user and a website. See this article in the New York Times for a good explanation -mobile.nytimes/blogs/bits/2014/04/08/flaw-found-in-key-method-for-protecting-data-on-the-internet/ At hubbub, the security of our users data is of the utmost importance. Our response to this issue has been as follows: On Tuesday morning, 9:03am Pacific 4/8/2014, the software running our SSL endpoints was upgraded. Later on Tuesday morning, approximately 10:30am Pacific, 4/8/2014, the version of PostgreSQL we use was also upgraded. You may have noticed a few failed responses mid-morning Pacific time. That was our database restarting and warming its cache back up. See this for more detail -- https://status.heroku/incidents/606 On Wednesday 4/9/2014, we installed a new SSL certificate across all of our environments, testing and production, backed by a new, different private key. We have no evidence that at any time, any of your sensitive information was compromised. We are simply following the best practices outlined by the Security community with respect to this issue. Lastly, we have changed our security credentials for software providers who have recommended that we do so. If you have any further questions or comments - please feel free to email adam@hubbubhealth Thank you for your use and support of hubbub - we greatly appreciate it. adam co-founder, VP Product and Technology, hubbub health
Posted on: Thu, 10 Apr 2014 01:41:31 +0000
Trending Topics
Recently Viewed Topics
© 2015