
Salsa Blog

Update your Password because of Heartbleed

Heartbleed

You really should update your passwords across the Internet. Why? Heartbleed.

It sounds terrible, doesn't it? It's an alarming name for a rather alarming bug in the security encryption used on many sites. You'll want to update any passwords that you use online so that your information is better protected from this point forward.

This bug is associated with certain versions of OpenSSL, a widely used piece of encryption software. You can read more about it here, but to paraphrase, it secures “a breathtaking volume of online communications.” If you’ve ever connected to a secure Web site and seen the little padlock icon in your browser, for instance, you’ve used SSL/TLS. The padlock is how your browser tells you that your communication with that site has been successfully secured via SSL/TLS. But SSL/TLS isn’t just for encrypting Web pages; it’s a general-purpose encryption technology that’s used almost everywhere a secure connection is needed.

The most popular of the plug-in solutions that provide SSL/TLS has long been a set of open-source tools called OpenSSL. Because it is free, reliable, and distributed under a license that makes it easy to roll into other products, OpenSSL has (since its introduction in 1998) been the provider of SSL/TLS functionality for a gigantic range of online tools and services.

The Heartbleed Bug is a flaw in the OpenSSL code that attackers can exploit to steal your information. Boiled down, it means that, under certain circumstances, it’s possible for an attacker to reach across the Internet into a machine running OpenSSL and grab copies of all sorts of sensitive information, up to and including copies of that machine’s encryption keys. And that’s a big deal, because what makes your encrypted communication with someone else secure is the fact that only the two of you have the key.

The good news for Salsa users is that the versions of OpenSSL that we use for our public resources (the pages and processes that you as a Salsa user or your supporters interact with) are not vulnerable. So when it comes to Salsa and Heartbleed, you don’t have to worry.

Our support team has also received a few questions about how your gateway processors might be affected. We recommend that you contact your gateway provider (Authorize.net, FirstData, DemocracyEngine or PayPal) directly with any concerns that may be unique to their accounts. But we can assure you that the OpenSSL encryption that Salsa uses for donation pages when passing data through our system to the gateway processors is not vulnerable to the Heartbleed bug.

Please contact support@salsalabs.com if you have any questions or concerns. And update your passwords. Now! Go.
