The Twine forums are now archived. If you need help, please visit http://help.supermechanical.com

Heartbleed Fixes on the Twine.CC site?

Sean McPhersonSean McPherson
edited April 2014 in Miscellaneous Vote Up0Vote Down
The website certificates haven't been updated and the site seems to be possibly vulnerable based on generic version info. Any timeline for securing the site & data?

Answers

  • 5 Comments sorted by Votes Date Added
  • Joel FinkleJoel Finkle
    Vote Up0Vote Down
    Rule #1 with Heartbleed: Don't panic.
    Lastpass' checker says they can't tell whether it is/was vulnerable, since it's using the Tornado server

    I don't see any discussion of Heartbleed with the Tornado server. That doesn't mean it's not using it, as a scan of the GitHub for Tornado has comments indicating that OpenSSL is required for SSL.

    A response from our hosts would be nice
  • Joel FinkleJoel Finkle
    Vote Up0Vote Down
    I sent a note to support, and got a response from Christina:
    "Twine.cc has been patched and the SSL certs were reissued after Heartbleed."

    So now is the time to change passwords.
  • Sean McPhersonSean McPherson
    Vote Up0Vote Down
    Interesting response. The certificate that was issued previously has not been revoked and the current cert in use by the top level site was issued on 5/26/2013 and expires on 5/30/2014 but hasn't yet been swapped.
  • Sean McPhersonSean McPherson
    Vote Up0Vote Down
    And now the certificate is expired as of (5/30/2014 5:19:17 AM GMT)
Sign In or Register to comment.