Spotdox’ Heartbleed
How were Spotdox users affected by Heartbleed?
In short, not, due to the way Spotdox has been architected (with security in mind) and a secondary layer of encryption.
Our server’s version of OpenSSL was updated, and the heartbleed bug fixed on April 9, 2014 (at approximately 11:15AM GMT-4)
We have re-keyed and re-issued SSL certificates for all domains and services related to Spotdox.
Since we store no passwords or authentication tokens there is nothing for you need to do.
Find out more about our privacy and security here: spotdox.com/security-and-privacy
If the above did not make any sense to you, here is a some background information about OpenSSL and the Heartbleed bug:
What is OpenSSL?
OpenSSL refers to the name of a 1998 project that was started to encrypt websites and user information across the Web. The “SSL” in “OpenSSL” refers to a Secure Sockets Layer (also known as transport layer security or TLS), and OpenSSL is an open project (meaning any programmer or coder can work on it) that was designed to prevent hackers from retrieving personal data submitted by users to a website (such as a banking, shopping, or digital content website).
Since OpenSSL is established to prevent hacker theft with internet data, it seems to be an important endeavor; yet and still, you wouldn’t recognize this right away. There are only eleven people currently that work in OpenSSL: 46-year-old British cryptographer Dr. Stephen Henson, volunteer Geoffrey Thorpe, two other British volunteers, a German developer, and a few others. Stephen Henson is the only full-time employee on the OpenSSL project. What started as a project committed to data encryption has now become standard on two-thirds of all websites on the Internet.
What is Heartbleed?
Heartbleed is a bug discovered by Codenomicon employees Riku, Antti, and Matti and Google employee Neel Mehta. Heartbleed is essentially a programming error, whereby the programmer (and subsequent reviewers) did not validate the length of a specific request. This XKDC.com web commic breaks down what the hearbleed bug is and how it could potnentialy be used:
