Is LDS.org safe to log in after Heartbleed?

Discuss ideas and suggestions around the LDS.org website.
cscooper2000
New Member
Posts: 2
Joined: Sat Mar 29, 2014 6:06 pm

Is LDS.org safe to log in after Heartbleed?

Postby cscooper2000 » Mon Apr 14, 2014 8:26 am

What has the church tech group done about Heartbleed?

Many responsible website operators are posting prominent welcome messages on their login screens or homepages. I would love to see the issue addressed on LDS.org. I think what people want to know is: Does LDS.org (or any of the single-logon LDS sites) use OpenSSL? If so, has the church tech department addressed the issue by: a) applying the latest patch fix, and b) when will you have new security certificates?

FamilySearch.org has addressed this issue, however the most current information I can find indicates it is currently not wise to log into LDS.org:
https://lastpass.com/heartbleed/?h=www.lds.org

eblood66
Senior Member
Posts: 2028
Joined: Mon Sep 24, 2007 8:17 am
Location: Cumming, GA, USA

Re: Is LDS.org safe to log in after Heartbleed?

Postby eblood66 » Mon Apr 14, 2014 8:30 am

cscooper2000 wrote:What has the church tech group done about Heartbleed?

Many responsible website operators are posting prominent welcome messages on their login screens or homepages. I would love to see the issue addressed on LDS.org. I think what people want to know is: Does LDS.org (or any of the single-logon LDS sites) use OpenSSL? If so, has the church tech department addressed the issue by: a) applying the latest patch fix, and b) when will you have new security certificates?

FamilySearch.org has addressed this issue, however the most current information I can find indicates it is currently not wise to log into LDS.org:
https://lastpass.com/heartbleed/?h=www.lds.org


Patching and installing new certificates has already been done. See this post: viewtopic.php?f=92&t=18937&p=122730&hilit=heartbleed#p122730

I don't know that they have any plans to advertise this on the home page or the SSO page.

scgallafent
Church Employee
Church Employee
Posts: 1050
Joined: Mon Feb 09, 2009 4:55 pm
Location: Riverton, Utah

Re: Is LDS.org safe to log in after Heartbleed?

Postby scgallafent » Mon Apr 14, 2014 8:35 am

cscooper2000 wrote:What has the church tech group done about Heartbleed?

Many responsible website operators are posting prominent welcome messages on their login screens or homepages. I would love to see the issue addressed on LDS.org. I think what people want to know is: Does LDS.org (or any of the single-logon LDS sites) use OpenSSL? If so, has the church tech department addressed the issue by: a) applying the latest patch fix, and b) when will you have new security certificates?

FamilySearch.org has addressed this issue, however the most current information I can find indicates it is currently not wise to log into LDS.org:
https://lastpass.com/heartbleed/?h=www.lds.org

LastPass is incorrect. The equipment vendor has confirmed that their equipment was not affected by Heartbleed. A new LDS.org certificate was issued on April 8, 2014.

eblood66
Senior Member
Posts: 2028
Joined: Mon Sep 24, 2007 8:17 am
Location: Cumming, GA, USA

Re: Is LDS.org safe to log in after Heartbleed?

Postby eblood66 » Mon Apr 14, 2014 8:43 am

scgallafent wrote:
cscooper2000 wrote:What has the church tech group done about Heartbleed?

Many responsible website operators are posting prominent welcome messages on their login screens or homepages. I would love to see the issue addressed on LDS.org. I think what people want to know is: Does LDS.org (or any of the single-logon LDS sites) use OpenSSL? If so, has the church tech department addressed the issue by: a) applying the latest patch fix, and b) when will you have new security certificates?

FamilySearch.org has addressed this issue, however the most current information I can find indicates it is currently not wise to log into LDS.org:
https://lastpass.com/heartbleed/?h=www.lds.org

LastPass is incorrect. The equipment vendor has confirmed that their equipment was not affected by Heartbleed. A new LDS.org certificate was issued on April 8, 2014.

It looks like LastPass has been updated. It now says that lds.org was never vulnerable.


Return to “LDS.org Website”

Who is online

Users browsing this forum: No registered users and 1 guest