Heartbleed Fixes on the Twine.CC site?
  • The website certificates haven't been updated and the site seems to be possibly vulnerable based on generic version info. Any timeline for securing the site & data?
  • 4 Comments sorted by
  • Rule #1 with Heartbleed: Don't panic.
    Lastpass' checker says they can't tell whether it is/was vulnerable, since it's using the Tornado server

    I don't see any discussion of Heartbleed with the Tornado server. That doesn't mean it's not using it, as a scan of the GitHub for Tornado has comments indicating that OpenSSL is required for SSL.

    A response from our hosts would be nice
  • I sent a note to support, and got a response from Christina:
    "Twine.cc has been patched and the SSL certs were reissued after Heartbleed."

    So now is the time to change passwords.
  • Interesting response. The certificate that was issued previously has not been revoked and the current cert in use by the top level site was issued on 5/26/2013 and expires on 5/30/2014 but hasn't yet been swapped.
  • And now the certificate is expired as of (5/30/2014 5:19:17 AM GMT)

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!