Heartbleed: Serious SSL Security Vulnerability
Posted: Wed Apr 09, 2014 9:27 pm
Though this issue does not effect CMSMS directly, and only effects users that are using SSL on their websites it is important enough to mention.
An important security vulnerability has been detected in SSL libraries that will allow a malicious person to intercept SSL communications to get personal data including usernames and passwords (and on eCommerce sites potentially credit card information etc). They can also access the memory on the server and extract private keys and other nasty stuff.
This vulnerability only effects people who's sites are using SSL.
If you are hosting your sites on a dedicated server, or a VPS you need to investigate how to upgrade your SSL libraries. If you are using a shared server you should ensure that your hosts have upgraded their servers appropriately.
For more information on this vulnerability, also known as "Heartbleed," visit: http://heartbleed.com/
An important security vulnerability has been detected in SSL libraries that will allow a malicious person to intercept SSL communications to get personal data including usernames and passwords (and on eCommerce sites potentially credit card information etc). They can also access the memory on the server and extract private keys and other nasty stuff.
This vulnerability only effects people who's sites are using SSL.
If you are hosting your sites on a dedicated server, or a VPS you need to investigate how to upgrade your SSL libraries. If you are using a shared server you should ensure that your hosts have upgraded their servers appropriately.
For more information on this vulnerability, also known as "Heartbleed," visit: http://heartbleed.com/