
Assembla's reaction to the SSL security vulnerability "Heartbleed"

Posted by Andy Singleton on Tue, Apr 08, 2014
  
  

The Internet was surprised recently by a bug in the OpenSSL software, called "Heartbleed," that might allow an attacker to see your HTTPS traffic, including your password on a Web login form. You can read about some of the technical details regarding "Heartbleed" here and the OpenSSL 1.0.1g fix here.

We updated the Assembla servers to remove the vulnerability within a few hours of being notified about a fix. Our acceleration provider, Edgecast, had not yet updated their servers with the fix. This extended the time that Assembla users were exposed to the vulnerability for a few more hours. We turned off Edgecast, which caused some pages to render more slowly, until Edgecast's servers were updated. Everything has since returned to normal.

Protect Yourself!

  • It is recommended that you reset your Assembla password. You can do so using the password reset form.

  • If you use API keys or tokens, we recommend that you reset your API keys or tokens.

  • If you use the FTP tool, we recommend that you reset your server login credentials and update these credentials in Assembla's FTP tool.

If you have any questions or concerns, please do not hesitate to contact us.


COMMENTS

The bug was discovered by the white-hats recently, but there is no telling how long some black-hats have known. As such, if you are truly paranoid about security, even if you have not logged into Assembla in the past 24 hours, if you have ever logged into Assembla, or any site that uses SSL during login, you may want to change your password.
 
That said, it is good to know Assembla is on top of this bug. Thank you!

posted @ Wednesday, April 09, 2014 8:51 AM by Nick Floersch


I would change your password period. Not just if you logged in in the past 24 hours. The vulnerability has been present for a long time.

posted @ Thursday, April 10, 2014 1:58 PM by Terry


Comments have been closed for this article.
