A critical bug has been discovered in OpenSSL 1.0.1 through 1.0.1f (inclusive). AntiPolygraph.org is presently running OpenSSL 1.0.1e-fips. Thus, the vulnerability would allow an attacker to obtain our SSL private key and decrypt all intercepted traffic. You can read more about the so-called "heartbleed" bug here:
http://heartbleed.com/
We have requested that our Internet service provider upgade to OpenSSL 1.0.1g as soon as possible. Once this has been done, we will revoke our SSL certificate and create a new one based upon a newly-generated SSL key.
Until then, you should assume that your interactions with this website are no more secure than if we were not using SSL encryption.
A web page (http://filippo.io/Heartbleed/) has been set up to test websites for vulnerability to the heartbleed bug. As you'll note, AntiPolygraph.org is presently vulnerable:
http://filippo.io/Heartbleed/#antipolygraph.org:443
The following measures have been taken to eliminate the Heartbleed vulnerability on AntiPolygraph.org:
1) Our web hosting provider, OrangeWebsite.com, upgraded OpenSSL on our server to a version that lacks the Heartbleed vulnerability;
2) Our web hosting provider installed a new SSL certificate based on a new private key;
3) After this was done the administrator password for AntiPolygraph.org was changed, a new private key was generated, and a new SSL certificate was issued (https://antipolygraph.org/forum/index.php?topic=3364.msg38331#msg38331).
As a precaution, it would be prudent for registered users of this message board to change their passwords.