Page 1 of 1

WOT site remains exposed to Heartbleed exploit! Why?

Posted: Tue May 27, 2014 12:58 pm
by Pianosa
Following the Heartbleed disclosure, only one of the two SSL certificates offered by www.mywot.com has been revoked (on 2014-04-16 21:19:15 ). The certificate with serial number 0x112180d7ea6963e3c9776eff010d3c7a69fd (www.mywot.com) which is due to expire on 2016-01-30 has NOT yet been revoked, thus leaving the domain exposed to the Heartbleed vulnerability.
<!--break-->
Is there any intention to revoke this (possibly compromised) certificate?
<!--break-->
If so, what is the reason for the lengthy delay?

RE: WOT site remains exposed to Heartbleed exploit! Why?

Posted: Tue May 27, 2014 9:27 pm
by Guest
Ops, true
[url=http://it.tinypic.com?ref=o571g9 t=_blank][img]http://i57.tinypic.com/o571g9.jpg[/img][/url]

http://toolbar.netcraft.com/help/faq/index.html#heartbleed

Hopefully the Staff of mywot will address this issue soon
Thank you for the heads up

RE: WOT site remains exposed to Heartbleed exploit! Why?

Posted: Wed May 28, 2014 11:09 am
by Timo
Thanks for reminding about the revoking the certificate. We fixed openssl as soon as it was discovered but simply forgot to revoke the certificate. Issue has been fixed.

RE: WOT site remains exposed to Heartbleed exploit! Why?

Posted: Wed May 28, 2014 5:24 pm
by Guest
<quote user="timo">
Thanks for reminding about the revoking the certificate. We fixed openssl as soon as it was discovered but simply forgot to revoke the certificate. Issue has been fixed.
[/quote]

Thank you Timo
I feel much better now :)

RE: WOT site remains exposed to Heartbleed exploit! Why?

Posted: Mon Jul 21, 2014 11:42 am
by Pianosa
<quote user="timo">
Thanks for reminding about the revoking the certificate. We fixed openssl as soon as it was discovered but simply forgot to revoke the certificate. Issue has been fixed.
[/quote]

@Timo
Thanks.