Heartbleed?

thistle_

Is the bikradar website and forum affected by the heartbleed bug?

Do we all need to change our passwords?

welshkev

the bug has been around for about 2 years. NSA and google have known about it. if anyone wanted your stuff, they'd have it by now.

Jeff Jones

Not that we're aware of. Our web operations team did investigate at the time and our forum wasn't one of the (very few) systems affected.

That said, they do recommend changing your password because of the way it worked.

ElectronShepherd

Well, that's good to know... I think.

I'm not sure if you're saying that your SSL implementation doesn't use OpenSSL, so isn't vulnerable, or it does use OpenSSL, but is running a version more than two years old, so isn't vulnerable (to HeartBleed - let's ignore all the other bugs fixed in the last two years).

Of course, it's all a bit academic - BR logins are over unencrypted HTTP, so if someone wanted your BikeRadar password, they only need a network sniffer, not some obscure buffer overrun bug.