Jump to content



Member Since 03 Mar 2009
Offline Last Active Feb 21 2015 10:46 AM

Posts I've Made

In Topic: Important: Openssl Vulnerability May Exploit Your Store's Ssl

11 April 2014 - 08:16 AM

Since it is only the 1.0.1 through 1.0.1f implimentations of Openssl that are affected, in addition to using the websites already listed, you can double check which version your server is using this way:

Your admin panel > Administration > Database > phpinfo > ctrl + f (cmd + f for OS X users) type: openssl > enter

Your servers installed Openssl version number should show on the second or third entry depending on the setup.

It would be helpful if the CS-Cart team sent an email to their client database (as other software vendors have) to alert everyone to the issue and explain how to check, and if affected what to do. Many people in shared hosting environments need only contact their webhost and demand them to take immediate action.

CS-Cart isn't obligated to do this, but in the interest of reducing the obvious privacy/security risks to all netizens it's a quick, easy and responsible step to take.

It seems the media has jumped on heartbleed, albeit in a sensational way. Hopefully all this focus on SSL will pave the way to better standards and help to educate average internet users on how important encryption is.

This forum isn't secured, that's why I've always worn my tin foil hat :)

Quick Edit: Here is a link to useful information: http://digital-foren...s-simulcast-etc

The second paragraph has a PDF (tested clean on virustotal) of a presentation by the security researcher "Malware Jack" that are clear, explicit and definitely worth reading by everyone here, especially people administering their own servers.