What has the church tech group done about Heartbleed?
Many responsible website operators are posting prominent welcome messages on their login screens or homepages. I would love to see the issue addressed on LDS.org. I think what people want to know is: Does LDS.org (or any of the single-logon LDS sites) use OpenSSL? If so, has the church tech department addressed the issue by: a) applying the latest patch fix, and b) when will you have new security certificates?
FamilySearch.org has addressed this issue, however the most current information I can find indicates it is currently not wise to log into LDS.org:
https://lastpass.com/heartbleed/?h=www.lds.org
Is LDS.org safe to log in after Heartbleed?
-
- New Member
- Posts: 2
- Joined: Sat Mar 29, 2014 7:06 pm
-
- Senior Member
- Posts: 3907
- Joined: Mon Sep 24, 2007 9:17 am
- Location: Cumming, GA, USA
Re: Is LDS.org safe to log in after Heartbleed?
Patching and installing new certificates has already been done. See this post: https://tech.lds.org/forum/viewtopic.ph ... ed#p122730cscooper2000 wrote:What has the church tech group done about Heartbleed?
Many responsible website operators are posting prominent welcome messages on their login screens or homepages. I would love to see the issue addressed on LDS.org. I think what people want to know is: Does LDS.org (or any of the single-logon LDS sites) use OpenSSL? If so, has the church tech department addressed the issue by: a) applying the latest patch fix, and b) when will you have new security certificates?
FamilySearch.org has addressed this issue, however the most current information I can find indicates it is currently not wise to log into LDS.org:
https://lastpass.com/heartbleed/?h=www.lds.org
I don't know that they have any plans to advertise this on the home page or the SSO page.
-
- Church Employee
- Posts: 3025
- Joined: Mon Feb 09, 2009 4:55 pm
- Location: Riverton, Utah
Re: Is LDS.org safe to log in after Heartbleed?
LastPass is incorrect. The equipment vendor has confirmed that their equipment was not affected by Heartbleed. A new LDS.org certificate was issued on April 8, 2014.cscooper2000 wrote:What has the church tech group done about Heartbleed?
Many responsible website operators are posting prominent welcome messages on their login screens or homepages. I would love to see the issue addressed on LDS.org. I think what people want to know is: Does LDS.org (or any of the single-logon LDS sites) use OpenSSL? If so, has the church tech department addressed the issue by: a) applying the latest patch fix, and b) when will you have new security certificates?
FamilySearch.org has addressed this issue, however the most current information I can find indicates it is currently not wise to log into LDS.org:
https://lastpass.com/heartbleed/?h=www.lds.org
-
- Senior Member
- Posts: 3907
- Joined: Mon Sep 24, 2007 9:17 am
- Location: Cumming, GA, USA
Re: Is LDS.org safe to log in after Heartbleed?
It looks like LastPass has been updated. It now says that lds.org was never vulnerable.scgallafent wrote:LastPass is incorrect. The equipment vendor has confirmed that their equipment was not affected by Heartbleed. A new LDS.org certificate was issued on April 8, 2014.cscooper2000 wrote:What has the church tech group done about Heartbleed?
Many responsible website operators are posting prominent welcome messages on their login screens or homepages. I would love to see the issue addressed on LDS.org. I think what people want to know is: Does LDS.org (or any of the single-logon LDS sites) use OpenSSL? If so, has the church tech department addressed the issue by: a) applying the latest patch fix, and b) when will you have new security certificates?
FamilySearch.org has addressed this issue, however the most current information I can find indicates it is currently not wise to log into LDS.org:
https://lastpass.com/heartbleed/?h=www.lds.org