Heart bleed bug: Is WP compromised?
-
Heartbleed hacks hit Mumsnet and Canada’s tax agency:
http://www.bbc.co.uk/news/technology-27028101
And we are still waiting for WordPress to change its certificate.
-
When an SSL certificate is just rekeyed, does the “date issued” get updated? If not, maybe they already rekeyed it.
If they haven’t, that does seem kind of lame.. since rekeying an SSL certificate and updating your server(s) shouldn’t take very long. Unless maybe CA’s are being overrun by requests and having technical issues. I find that unlikely though, and I had no problems rekeying an SSL certificate I own from GoDaddy yesterday (mine was also up for renewal though, so did get a new issued date, but not sure if that happens with just a rekey).
I guess it’s good Google hasn’t dropped the “SSL bomb” yet, or this would have been a much worse problem even for the little guys. Once Google starts giving higher SEO ranking for SSL sites, other than CAs stock prices jumping, then a lot more sites will have SSL and would have had this issue.
-
It seems either lame (lazy) as you say, or WP were too blasé and arrogant to announce it. The third option would be incompetence, which I doubt.
-
I just checked the LastPass link and it says that a new certificate was created two hours ago, so it is ok to now change your passwords. One less site for me to worry about. :)
-
See now the WordPress blog, at last. Phew!
I’d really like to thank all the people who’ve kept this issue in the air while people like myself, who were too worried actually to log in and express their worries until something official was said, dithered on the outside. If I’m anything like typical you spoke for many more than you may have realised.
-
For information on the Heartbleed bug and security concerns on WordPress.com, please refer to the following post for the most current information: http://en.blog.wordpress.com/2014/04/15/security-update/
-
-
- The topic ‘Heart bleed bug: Is WP compromised?’ is closed to new replies.
WordPress.com Forums 