Blog
There are few examples of a security vulnerability which got in no time a site of its own like it happened a few hours ago with the so-called “Heart bleed” exploit of OpenSSL, which is implementing the SSL/TLS encryption in HTTPS-enabled sites running on nginx and Apache. What is it about, shortly? It allows connected users to read data directly from the server memory that is running it, including encryption keys – announced on http://www.openssl.org/news/vulnerabilities.html#2014-0160
We are using OpenSSL on our customers’ secure wp-admin dashboard, as well as on the Oxygen dashboard, but there is no reason to worry about it as we have upgraded the OpenSSL library with the new version that solves it completely. Also, all security keys have been preemptively changed, in order to insure a zero tolerance to the threat.
If you are not hosted on Presslabs, you should check the status of your HTTPS install with a handy tool made by Filippo Valsorda and available both as source code and as a web app: http://filippo.io/Heartbleed/.
