Is LDS.org safe to log in after Heartbleed?

Discuss ideas and suggestions around the Church website.
Post Reply
cscooper2000
New Member
Posts: 2
Joined: Sat Mar 29, 2014 7:06 pm

Is LDS.org safe to log in after Heartbleed?

#1

Post by cscooper2000 »

What has the church tech group done about Heartbleed?

Many responsible website operators are posting prominent welcome messages on their login screens or homepages. I would love to see the issue addressed on LDS.org. I think what people want to know is: Does LDS.org (or any of the single-logon LDS sites) use OpenSSL? If so, has the church tech department addressed the issue by: a) applying the latest patch fix, and b) when will you have new security certificates?

FamilySearch.org has addressed this issue, however the most current information I can find indicates it is currently not wise to log into LDS.org:
https://lastpass.com/heartbleed/?h=www.lds.org
eblood66
Senior Member
Posts: 3907
Joined: Mon Sep 24, 2007 9:17 am
Location: Cumming, GA, USA

Re: Is LDS.org safe to log in after Heartbleed?

#2

Post by eblood66 »

cscooper2000 wrote:What has the church tech group done about Heartbleed?

Many responsible website operators are posting prominent welcome messages on their login screens or homepages. I would love to see the issue addressed on LDS.org. I think what people want to know is: Does LDS.org (or any of the single-logon LDS sites) use OpenSSL? If so, has the church tech department addressed the issue by: a) applying the latest patch fix, and b) when will you have new security certificates?

FamilySearch.org has addressed this issue, however the most current information I can find indicates it is currently not wise to log into LDS.org:
https://lastpass.com/heartbleed/?h=www.lds.org
Patching and installing new certificates has already been done. See this post: https://tech.lds.org/forum/viewtopic.ph ... ed#p122730

I don't know that they have any plans to advertise this on the home page or the SSO page.
scgallafent
Church Employee
Church Employee
Posts: 3025
Joined: Mon Feb 09, 2009 4:55 pm
Location: Riverton, Utah

Re: Is LDS.org safe to log in after Heartbleed?

#3

Post by scgallafent »

cscooper2000 wrote:What has the church tech group done about Heartbleed?

Many responsible website operators are posting prominent welcome messages on their login screens or homepages. I would love to see the issue addressed on LDS.org. I think what people want to know is: Does LDS.org (or any of the single-logon LDS sites) use OpenSSL? If so, has the church tech department addressed the issue by: a) applying the latest patch fix, and b) when will you have new security certificates?

FamilySearch.org has addressed this issue, however the most current information I can find indicates it is currently not wise to log into LDS.org:
https://lastpass.com/heartbleed/?h=www.lds.org
LastPass is incorrect. The equipment vendor has confirmed that their equipment was not affected by Heartbleed. A new LDS.org certificate was issued on April 8, 2014.
eblood66
Senior Member
Posts: 3907
Joined: Mon Sep 24, 2007 9:17 am
Location: Cumming, GA, USA

Re: Is LDS.org safe to log in after Heartbleed?

#4

Post by eblood66 »

scgallafent wrote:
cscooper2000 wrote:What has the church tech group done about Heartbleed?

Many responsible website operators are posting prominent welcome messages on their login screens or homepages. I would love to see the issue addressed on LDS.org. I think what people want to know is: Does LDS.org (or any of the single-logon LDS sites) use OpenSSL? If so, has the church tech department addressed the issue by: a) applying the latest patch fix, and b) when will you have new security certificates?

FamilySearch.org has addressed this issue, however the most current information I can find indicates it is currently not wise to log into LDS.org:
https://lastpass.com/heartbleed/?h=www.lds.org
LastPass is incorrect. The equipment vendor has confirmed that their equipment was not affected by Heartbleed. A new LDS.org certificate was issued on April 8, 2014.
It looks like LastPass has been updated. It now says that lds.org was never vulnerable.
Post Reply

Return to “Main Church Website”