Pro Bono Australia Safe from Heartbleed Vulnerability
14 April 2014 at 12:20 pm
Pro Bono Australia’s website has not been affected by the Heartbleed security vulnerability that has compromised many password secure websites across the world.
Pro Bono Australia Technical Operations Manager Ben Dechrai said the Heartbleed security vulnerability was the result of a change made in December 31, 2011 to the underlying piece of software used for creating secure certificates, such as the ones used to give a padlock on secure websites.
“Almost two and half years later, this line of code was found to create a vulnerability in the software that essentially means any website using this software to provide secure communications may as well not have been protected,” Dechrai said.
“In fact, the vulnerability has even been found to allow others to assume the identity of another secure website completely.
"Visits to these imposters would result in your browser assuring you they were legitimate. Most frustrating of all, the original site operators would have no indication in their auditing or logging systems that this had occurred.”
Dechrai said Pro Bono Australia was running on a version of OpenSSL that wasn’t affected by this vulnerability, however advised that if a Pro Bono Australia user had the same password on any other system that might be affected, they should change their password.
Dechrai recommended that people change passwords with every single website provider.
“It's important to note that, if you change any details, such as your passwords, on sites that were affected, you must do this after you know they have fixed the issue. Do it beforehand, and you might be giving the new details to someone else,” he said.
“If you use the same password across multiple services, and just one of those services has been compromised, I recommend you change the password on all services. I also recommend you use a different password for every service.”