Jump to content

Notification suggestion (re: heartbleed)


Peter F.

Recommended Posts

Given that IPS has a large base of customers who run a variety of websites (many of whom may not be the most security savvy) would IPS consider sending out a notice to it's customers about heartbleed? Especially given that it has now been shown by researchers that it is possible to get the raw private ssl key using heartbleed. At the very least to suggest that people using SSL certs revoke and reissue.

http://community.invisionpower.com/topic/399417-important-notice-regarding-openssl-101-to-openssl-101f/page-2#entry2475902

Link to comment
Share on other sites

It's not IPS's problem, as we know, and in issuing a notice they may be assuming responsibility for some element of support. I'd say this is for hosts to communicate to their clients, not a software vendor.

IPS do also host though, unaware if this would effect the heart bleed issue.

Link to comment
Share on other sites

True but then I would expect IPS to mail affected customers specifically, not issue a general notice that will likely panic most people.

yup

good way to cause issues would be to blindly send out email like that, then every operator on shared hosts would be freaking out.

there were topics posted here, some good discussions. I would rather I not deal with stuff like that since it has nothing to so with them.

Link to comment
Share on other sites

The largest issue with the recent exploit was the media and false information, everyone thought they were effected because the media said so... there were even testing sites put up to test for the exploit that were returning warnings on servers not effected at all.... it went so far that people totally unaffected were re-keying certificates because the media said they better do so.

It's very sad to see people get so freaked out by something the majority of people don't understand, so they falsely trust the media, and there is the issue.

If you or anyone has a question on this exploit, it's best to deal directly and only directly with your hosting provider.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...