Security: Mitigating Heartbleed vulnerability
On April 7th, 2014 the CVE-2014-0160 vulnerability of OpenSSL, commonly known as the Heartbleed bug, was announced to the public. This vulnerability allows attackers to read the memory of the host and even read private keys of the server. So far, we have no signs that sourceLair has been compromised by that kind of attack.
What we did about this
We seriously care about our users’ security and privacy, so we took the appropriate measures to ensure that you are safe when you use sourceLair to do your work:
- We upgraded our version of OpenSSL to the one that has the Heartbleed bug fixed.
- We restarted all services that were using OpenSSL on our server.
- We re-issued our SSL (HTTPS) keys and certificates.
- We deleted all user sessions that started before we fixed this issue.
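The upgrade and restart steps above can be verified on a Linux host. The following is an added example, not sourceLair's own tooling: it flags upstream OpenSSL version strings in the Heartbleed range and finds processes that still map the pre-upgrade `libssl`/`libcrypto` and therefore still need a restart. The function names and the sample `/proc/<pid>/maps` lines are constructed for illustration.

```python
import pathlib
import re

# Upstream releases carrying the vulnerable heartbeat code: 1.0.1 through
# 1.0.1f and 1.0.2-beta1. Distributions often backport the fix without
# changing this string, so a match means "check the package changelog".
_AFFECTED = re.compile(r"^1\.0\.1[a-f]?$|^1\.0\.2-beta1$")
# A mapping marked "(deleted)" means the process still runs the library
# file that the upgrade replaced on disk. Statically linked binaries do
# not appear here and need a rebuild instead.
_STALE = re.compile(r"(\S*/lib(?:ssl|crypto)\.so\S*) \(deleted\)\s*$")

# Constructed sample of /proc/<pid>/maps lines (assumption, not real output).
SAMPLE_MAPS = """\
7f3c1a200000-7f3c1a25e000 r-xp 00000000 08:01 131234 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3c19e00000-7f3c19fb0000 r-xp 00000000 08:01 131230 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f3c19a00000-7f3c19bbe000 r-xp 00000000 08:01 130999 /lib/x86_64-linux-gnu/libc.so.6
"""


def is_affected_upstream(version):
    """True if an upstream OpenSSL version string is in the Heartbleed range."""
    return bool(_AFFECTED.match(version.strip()))


def stale_openssl_libs(maps_text):
    """Sorted paths of libssl/libcrypto mappings whose file was replaced."""
    hits = (_STALE.search(line) for line in maps_text.splitlines())
    return sorted({m.group(1) for m in hits if m})


def scan_proc(proc_root="/proc"):
    """Map PID -> stale OpenSSL libraries for every readable process."""
    results = {}
    for pid_dir in pathlib.Path(proc_root).glob("[0-9]*"):
        try:
            text = (pid_dir / "maps").read_text(errors="replace")
        except OSError:
            continue  # process exited, or maps not readable without root
        libs = stale_openssl_libs(text)
        if libs and pid_dir.name.isdigit():
            results[int(pid_dir.name)] = libs
    return results


if __name__ == "__main__":
    print(stale_openssl_libs(SAMPLE_MAPS))
    for pid, libs in sorted(scan_proc().items()):
        print(pid, "needs restart:", ", ".join(libs))
```

Run it as root after the package upgrade so every process's maps file is readable; an empty result from `scan_proc()` means no running process still holds the old shared library.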
What you can do about this
In order to ensure even more security for yourselves, you can take several measures as well:
- Reset your sourceLair password.
- Revoke the GitHub access token for sourceLair and then issue a new one by logging in with GitHub again (your sourceLair password will be needed for that).
We are constantly following updates on this issue so as to take additional measures, if needed, in order to ensure the highest level of security possible. You can follow us on Twitter to stay tuned to our updates on this issue.
Till then you can go to www.sourcelair.com and continue coding on the cloud, relaxed and secure.