The tip4commit website is vulnerable to Heartbleed

[bbigras]

Someone on hackernews said that the tip4commit website is vulnerable to Heartbleed. I'm not sure if he reported it to you.

The tip4commit website is vulnerable to Heartbleed:
https://filippo.io/Heartbleed/#tip4commit.com
Don't sign in or register or you may have more to worry about than undesired tax liabilities.

https://news.ycombinator.com/item?id=8543392

[arsenische]

Thanks! That's strange because as far as I remember we applied the patch the same day it became available. Also I updated the software just few minutes ago - it didn't help. So we are temporary offline while upgrading the distro.

Update: Perhaps upgrading the distro is an overkill. I just noticed that the results areat flippo.io are cached for up to 6 hours. Sorry about the downtime.

[BLKSwan]

Thanks for being so responsive @arsenische!

[arsenische]

Should be fixed now, need to wait until cache of https://filippo.io/Heartbleed/#tip4commit.com is updated.

[roganartu]

Can confirm it's fixed using tools locally.

Thanks for fixing it so quickly.

[arsenische]

That's a shame that it even happened, but I clearly remember fixing it long ago. Now our private keys are potentially compromised and we need to figure out possible consequences and take measures.

Shouldn't close this ticket before this is sorted out.

[rpicard]

Just a heads up that you're also vulnerable to POODLE: https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2Ftip4commit.com%2F&hideResults=on