Critical Bug in OpenSSL

[Administrator]

A critical bug has been discovered in OpenSSL 1.0.1 through 1.0.1f (inclusive). AntiPolygraph.org is presently running OpenSSL 1.0.1e-fips. Thus, the vulnerability would allow an attacker to obtain our SSL private key and decrypt all intercepted traffic. You can read more about the so-called "heartbleed" bug here:

http://heartbleed.com/

We have requested that our Internet service provider upgade to OpenSSL 1.0.1g as soon as possible. Once this has been done, we will revoke our SSL certificate and create a new one based upon a newly-generated SSL key.

Until then, you should assume that your interactions with this website are no more secure than if we were not using SSL encryption.

[Administrator]

A web page has been set up to test websites for vulnerability to the heartbleed bug. As you'll note, AntiPolygraph.org is presently vulnerable:

http://filippo.io/Heartbleed/#antipolygraph.org:443

[Administrator]

The following measures have been taken to eliminate the Heartbleed vulnerability on AntiPolygraph.org:

1) Our web hosting provider, OrangeWebsite.com, upgraded OpenSSL on our server to a version that lacks the Heartbleed vulnerability;

2) Our web hosting provider installed a new SSL certificate based on a new private key;

3) After this was done the administrator password for AntiPolygraph.org was changed, a new private key was generated, and a new SSL certificate was issued.

As a precaution, it would be prudent for registered users of this message board to change their passwords.