WOT site remains exposed to Heartbleed exploit! Why?

Post Reply
Pianosa
Posts: 63
Joined: Fri Apr 25, 2014 6:25 pm

WOT site remains exposed to Heartbleed exploit! Why?

Post by Pianosa » Tue May 27, 2014 12:58 pm

Following the Heartbleed disclosure, only one of the two SSL certificates offered by www.mywot.com has been revoked (on 2014-04-16 21:19:15 ). The certificate with serial number 0x112180d7ea6963e3c9776eff010d3c7a69fd (www.mywot.com) which is due to expire on 2016-01-30 has NOT yet been revoked, thus leaving the domain exposed to the Heartbleed vulnerability.
<!--break-->
Is there any intention to revoke this (possibly compromised) certificate?
<!--break-->
If so, what is the reason for the lengthy delay?

Guest

RE: WOT site remains exposed to Heartbleed exploit! Why?

Post by Guest » Tue May 27, 2014 9:27 pm

Ops, true
[url=http://it.tinypic.com?ref=o571g9 t=_blank][img]http://i57.tinypic.com/o571g9.jpg[/img][/url]

http://toolbar.netcraft.com/help/faq/index.html#heartbleed

Hopefully the Staff of mywot will address this issue soon
Thank you for the heads up

Timo
Posts: 830
Joined: Sun Oct 29, 2006 5:11 pm

RE: WOT site remains exposed to Heartbleed exploit! Why?

Post by Timo » Wed May 28, 2014 11:09 am

Thanks for reminding about the revoking the certificate. We fixed openssl as soon as it was discovered but simply forgot to revoke the certificate. Issue has been fixed.

Guest

RE: WOT site remains exposed to Heartbleed exploit! Why?

Post by Guest » Wed May 28, 2014 5:24 pm

<quote user="timo">
Thanks for reminding about the revoking the certificate. We fixed openssl as soon as it was discovered but simply forgot to revoke the certificate. Issue has been fixed.
[/quote]

Thank you Timo
I feel much better now :)

Pianosa
Posts: 63
Joined: Fri Apr 25, 2014 6:25 pm

RE: WOT site remains exposed to Heartbleed exploit! Why?

Post by Pianosa » Mon Jul 21, 2014 11:42 am

<quote user="timo">
Thanks for reminding about the revoking the certificate. We fixed openssl as soon as it was discovered but simply forgot to revoke the certificate. Issue has been fixed.
[/quote]

@Timo
Thanks.

Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests