HanDBase and HeartBleed
Posted: Fri Apr 11, 2014 1:04 pmJust an update to those who are concerned about the recent Heartbleed vulnerability revelation. As you may have heard, a longstanding bug or vulnerability existed in SSL used by most website servers meant that websites could have their private keys compromised and then all supposedly secure communications could be eavesdropped and used to the detriment of the users and owners of the website.
Some have asked us if this concern has any effect on HanDBase or our website. So I wanted to address both aspects of the question:
1. HanDBase does not use SSL so this vulnerability has no effect or concern. Our database encryption is based on a completely different standard and our built in web server for Desktop Connect does not use encryption at all, so is a non issue. No changes or fixes are necessary on our part as a result.
2. Our website does use Apache and only our storefront uses SSL. We verified that the vulnerability does not exist on our server at this time. In addition, we regenerated SSL certificates so that if there ever was a time we were vulnerable to the attack, those private keys are all now invalid anyway. Our web host informed us that our server never had the vulnerability but we took this as an extra precaution.
Thus, you can be confident that HanDBase and our website should be free from any concerns as it relates to the Heartbleed vulnerability.
If you are curious as to the status of other sites you visit/browse, I'd suggest using this tool to check the website:
https://lastpass.com/heartbleed/
Only when the site shows as secure on that page should you feel confident enough to change passwords and continue using on sites that may have been affected. Stay safe out there!
Some have asked us if this concern has any effect on HanDBase or our website. So I wanted to address both aspects of the question:
1. HanDBase does not use SSL so this vulnerability has no effect or concern. Our database encryption is based on a completely different standard and our built in web server for Desktop Connect does not use encryption at all, so is a non issue. No changes or fixes are necessary on our part as a result.
2. Our website does use Apache and only our storefront uses SSL. We verified that the vulnerability does not exist on our server at this time. In addition, we regenerated SSL certificates so that if there ever was a time we were vulnerable to the attack, those private keys are all now invalid anyway. Our web host informed us that our server never had the vulnerability but we took this as an extra precaution.
Thus, you can be confident that HanDBase and our website should be free from any concerns as it relates to the Heartbleed vulnerability.
If you are curious as to the status of other sites you visit/browse, I'd suggest using this tool to check the website:
https://lastpass.com/heartbleed/
Only when the site shows as secure on that page should you feel confident enough to change passwords and continue using on sites that may have been affected. Stay safe out there!