@octoamit
Heartbleed did not affected Doit.im. Our program was patched the day when the vulnerabilities were published.
Heartbleed
PRO
octoamit 04/13/2014 03:38
Platform:AllCompleted
Looking a thttps://lastpass.com/heartbleed/?h=doit.im it appears the site is still vulnerable to the heartbleed bug (http://heartbleed.com/). I'm wondering if you are still vulnerably and if so what you are doing to fix it and when it will be fixed.
-
04/14/2014 09:48#2
PRO
-
04/14/2014 13:52#3
@wendy_only
Thank you for your reply. That's good news your servers were patched so quickly.
However, this bug existed for two years and your certificate was issued 10/06/2013. This means if someone was able to get the encryption keys between when your certificate was issued and the day your servers were patched, they would be able to decrypt any past and future traffic to the protected services and to impersonate the service at will. Are there plans for re-keying your certificates? If so when? I am wanting to change my password, but until the certificates are re-keyed doing so is pointless. -
04/15/2014 06:24#4
@octoamit
Hi,
We have re-keyed our certificates. You can change your password. :) -
04/15/2014 15:04#5
@wendy_only
Thanks for getting back to me and for the information.
One last question... can you tell me why the issued date is still showing as "Mon Oct 07 00:00:00 UTC 2013"? I was thinking when the certificates were re-keyed the Issued On date would change. -
04/16/2014 03:35#6
@octoamit
Hi,
Do you mean the start date of the validity period of the certificates? -
04/16/2014 07:36#7
This is a private comment.
-
04/16/2014 14:43#8
That's correct. I was expecting that date to change, but reading online I've learned that many certificate authorities allow you to re-key a certificate so that the private key is changed but the validity dates remain the same.
Thanks so much for your patience, prompt replies, and the best GTD service on the planet! :)