New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The tip4commit website is vulnerable to Heartbleed #147
Comments
Thanks! That's strange because as far as I remember we applied the patch the same day it became available. Also I updated the software just few minutes ago - it didn't help. So we are temporary offline while upgrading the distro. Update: Perhaps upgrading the distro is an overkill. I just noticed that the results areat flippo.io are cached for up to 6 hours. Sorry about the downtime. |
Thanks for being so responsive @arsenische! |
Should be fixed now, need to wait until cache of https://filippo.io/Heartbleed/#tip4commit.com is updated. |
Can confirm it's fixed using tools locally. Thanks for fixing it so quickly. |
That's a shame that it even happened, but I clearly remember fixing it long ago. Now our private keys are potentially compromised and we need to figure out possible consequences and take measures. Shouldn't close this ticket before this is sorted out. |
Just a heads up that you're also vulnerable to POODLE: https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2Ftip4commit.com%2F&hideResults=on |
Someone on hackernews said that the tip4commit website is vulnerable to Heartbleed. I'm not sure if he reported it to you.
https://news.ycombinator.com/item?id=8543392
The text was updated successfully, but these errors were encountered: