Draft’s Heartbleed Reponse

On April 7, 2014 information was released about a security vulnerability in OpenSSL, named Heartbleed. You can read more about it, here:

http://heartbleed.com/

It’s a very serious vulnerability that breaks the SSL encryption we depend on to keep our information secret. It affected two thirds of the websites we visit every day, including sites like Google, Yahoo, Amazon, Etsy, Tumblr, etc. Unfortunately, that includes Draft because it uses OpenSSL through its hosting providers Heroku+Amazon.

I have no evidence the vulnerability was used to attack Draft and our data, but I immediately took the recommended actions to protect the service. And for stronger confidence, you should change your Draft password here:

https://draftin.com/draft/users/edit

And because of how many sites use OpenSSL and were affected by this vulnerability, you should change your passwords across the internet, especially places using SSL.

How this has been fixed in Draft #

Heroku and Amazon patched their servers and have been monitoring their networks for abuse:

https://blog.heroku.com/archives/2014/4/8/openssl_heartbleed_security_update

Measures I’ve taken:

If you have any questions, please email me and let me know: nate@cityposh.com


And if you run any SSL protected websites, the most important thing you can do next in your day is make sure you’ve upgraded OpenSSL and start taking similar measures to protect your users. You can test your websites to see if they are vulnerable with this tool:

http://filippo.io/Heartbleed/

 
107
Kudos
 
107
Kudos

Now read this

HTML5 Page Cache with pjax + Web Storage + Firebase

I was curious if anyone was using HTML5 features like the appCache or localStorage to create some kind of client side cache of rendered pages of a dynamic website, and then using a technology like Firebase or a WebSockets implementation... Continue →