- Welcome to AntiPolygraph.org Message Board.
A forum for free and open discussion of polygraph-related topics
Posted by Administrator
- Apr 12, 2014, 06:00 AMThe following measures have been taken to eliminate the Heartbleed vulnerability on AntiPolygraph.org:
1) Our web hosting provider, OrangeWebsite.com, upgraded OpenSSL on our server to a version that lacks the Heartbleed vulnerability;
2) Our web hosting provider installed a new SSL certificate based on a new private key;
3) After this was done the administrator password for AntiPolygraph.org was changed, a new private key was generated, and a new SSL certificate was issued.
As a precaution, it would be prudent for registered users of this message board to change their passwords.
1) Our web hosting provider, OrangeWebsite.com, upgraded OpenSSL on our server to a version that lacks the Heartbleed vulnerability;
2) Our web hosting provider installed a new SSL certificate based on a new private key;
3) After this was done the administrator password for AntiPolygraph.org was changed, a new private key was generated, and a new SSL certificate was issued.
As a precaution, it would be prudent for registered users of this message board to change their passwords.
Posted by Administrator
- Apr 08, 2014, 04:57 AMA web page has been set up to test websites for vulnerability to the heartbleed bug. As you'll note, AntiPolygraph.org is presently vulnerable:
http://filippo.io/Heartbleed/#antipolygraph.org:443
http://filippo.io/Heartbleed/#antipolygraph.org:443
Posted by Administrator
- Apr 08, 2014, 04:16 AMA critical bug has been discovered in OpenSSL 1.0.1 through 1.0.1f (inclusive). AntiPolygraph.org is presently running OpenSSL 1.0.1e-fips. Thus, the vulnerability would allow an attacker to obtain our SSL private key and decrypt all intercepted traffic. You can read more about the so-called "heartbleed" bug here:
http://heartbleed.com/
We have requested that our Internet service provider upgade to OpenSSL 1.0.1g as soon as possible. Once this has been done, we will revoke our SSL certificate and create a new one based upon a newly-generated SSL key.
Until then, you should assume that your interactions with this website are no more secure than if we were not using SSL encryption.
http://heartbleed.com/
We have requested that our Internet service provider upgade to OpenSSL 1.0.1g as soon as possible. Once this has been done, we will revoke our SSL certificate and create a new one based upon a newly-generated SSL key.
Until then, you should assume that your interactions with this website are no more secure than if we were not using SSL encryption.