tl;dr: we run CentOS 5; our software is so out-of-date, we are not affected by Heartbleed. Of course, you probably don't connect to us via SSL, anyway.
Heartbleed is an OpenSSL exploit that enables hackers to listen in on what should be secured connections. It's a terrible vulnerability that can lead to the leak of all sorts of sensitive information; in our case, passwords. Since most users connect over HTTP and are probably therefore not using a very secure password, this isn't an issue for most of our users. For those who do connect to us over HTTPS, you're safe, anyway, because the vulnerability is with a newer OpenSSL than we'll ever have. This has a number of downsides, but the upside is, we didn't even have to patch for this exploit. So your HTTPS passwords have been safe, and our SSH connections have been safe.
And to clarify, yes, I am still alive; I haven't lived for ten consecutive days in the same state for almost the last month, now, but I am finishing getting moved into my current apartment where I am now holding a job at Google. That said, afternoons and weekends are mine unless I break something.
|