News and Announcements
What's news on Wolfing?
13 April 2014 06:07 AM Posted by: WolfKodi
Heartbleed BugViews: 769
Wolfing is not affected by the OpenSSL Heartbleed Bug. Users of Wolfing do not need to take any action which would have included changing their passwords or logging out of all devices.
This is because the Heartbleed Bug only affects sites that use the secure web or https connection, indicated by a green padlock sign on most web browsers. The secure connection is only more common on sites that perform financial transactions where credit-card numbers or other highly sensitive information is being exchanged. Wolfing does intend to have https connection soon, giving users the chance to chat in bank-level encrypted internet information transfers between the user and Wolfing. I am glad this bug is discovered before I rollout the secure connections to users. Wolfing's server does use OpenSSL but I have immediately updated it to the fixed version 1.0.1g.
For those who want to know more about Heartbleed, it is a software bug in the open-source cryptography library OpenSSL. It is called so because it is a bug found in the Heartbeat feature of the secure SSL connection. A Heartbeat signal is exchanged between a client and server as a connection keep-alive information. With a vulnerable version of OpenSSL, clients could lie and request more information to be returned and the server would leak extra data from the memory thus allowing an attacker to access crucial and confidential information from the server's memory.