Heartbleed Security Update

Sobre el bug de seguridad Heartbleed, de qué forma afectó a WordPress.com y cómo se solucionó.

The WordPress.com Blog

Last week, a very serious bug in OpenSSL was disclosed.  OpenSSL, a set of open source tools to handle secure communication, is used by most Internet websites.  This bug, nicknamed Heartbleed, allowed an attacker to read sensitive information from vulnerable servers and possibly steal things like passwords, cookies, and encryption keys.

Was WordPress.com vulnerable to Heartbleed?

Yes. WordPress.com servers were running the latest version of OpenSSL, which was vulnerable. We generally run the latest version of OpenSSL to enable performance enhancements, such as SPDY, for our users. The non-vulnerable versions of OpenSSL were over two years old.

Has WordPress.com fixed the issue?

Yes. We patched all of our servers within a few hours of the public disclosure.

Has WordPress.com replaced all SSL certificates and private keys?

Yes. Out of an abundance of caution, we have replaced all of our SSL certificates, along with regenerating all of the associated…

Ver la entrada original 98 palabras más

Navegación de entradas

Si quieres escribir un comentario...

Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de WordPress.com

Estás comentando usando tu cuenta de WordPress.com. Cerrar sesión / Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión / Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión / Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión / Cambiar )

Conectando a %s

A %d blogueros les gusta esto: