Peter F. Posted April 12, 2014 Share Posted April 12, 2014 Given that IPS has a large base of customers who run a variety of websites (many of whom may not be the most security savvy) would IPS consider sending out a notice to it's customers about heartbleed? Especially given that it has now been shown by researchers that it is possible to get the raw private ssl key using heartbleed. At the very least to suggest that people using SSL certs revoke and reissue.http://community.invisionpower.com/topic/399417-important-notice-regarding-openssl-101-to-openssl-101f/page-2#entry2475902 Link to comment Share on other sites More sharing options...
Hexsplosions Posted April 15, 2014 Share Posted April 15, 2014 It's not IPS's problem, as we know, and in issuing a notice they may be assuming responsibility for some element of support. I'd say this is for hosts to communicate to their clients, not a software vendor. Link to comment Share on other sites More sharing options...
MathewC Posted April 15, 2014 Share Posted April 15, 2014 It's not IPS's problem, as we know, and in issuing a notice they may be assuming responsibility for some element of support. I'd say this is for hosts to communicate to their clients, not a software vendor. IPS do also host though, unaware if this would effect the heart bleed issue. Link to comment Share on other sites More sharing options...
Mark H Posted April 15, 2014 Share Posted April 15, 2014 The majority of our servers were not affected by this issue at all, and those that could have been, have already been patched. Link to comment Share on other sites More sharing options...
Hexsplosions Posted April 16, 2014 Share Posted April 16, 2014 IPS do also host though, unaware if this would effect the heart bleed issue.True but then I would expect IPS to mail affected customers specifically, not issue a general notice that will likely panic most people. Link to comment Share on other sites More sharing options...
Dmacleo Posted April 17, 2014 Share Posted April 17, 2014 True but then I would expect IPS to mail affected customers specifically, not issue a general notice that will likely panic most people. yup good way to cause issues would be to blindly send out email like that, then every operator on shared hosts would be freaking out. there were topics posted here, some good discussions. I would rather I not deal with stuff like that since it has nothing to so with them. Link to comment Share on other sites More sharing options...
Rhett Posted April 17, 2014 Share Posted April 17, 2014 The largest issue with the recent exploit was the media and false information, everyone thought they were effected because the media said so... there were even testing sites put up to test for the exploit that were returning warnings on servers not effected at all.... it went so far that people totally unaffected were re-keying certificates because the media said they better do so. It's very sad to see people get so freaked out by something the majority of people don't understand, so they falsely trust the media, and there is the issue. If you or anyone has a question on this exploit, it's best to deal directly and only directly with your hosting provider. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.