Affiliation
American Association of Variable Star Observers (AAVSO)
Thu, 04/10/2014 - 18:35

As many of you have heard, a vulnerability was recently discovered in OpenSSL which allows attackers access to vast amounts of sensitive information on websites using this software. This vulnerability is called Heartbleed; if you're not familiar with it you can read about it here

The AAVSO is currently in the planning stage to move towards securing our website through SSL. However, at this time, no portion of the AAVSO website is currently served using SSL; therefore, the OpenSSL vulnerability does not affect our website. 

There is one exception: the AAVSO website uses a credit card payment gateway provided by Paypal to facilitate membership payments, donations, and other payments made to the AAVSO. As of the time of writing, we have verified that Paypal's payment gateway is not affected by this vulnerability.

What this means is that your data with the AAVSO is safe. However, if you use the same password on the AAVSO that you use on other websites, those other websites may have been compromised. If that's the case we recommend that you change your AAVSO password.

Affiliation
American Association of Variable Star Observers (AAVSO)
non-technical

Hi, could be instead have a technical explanation as I understood not one word of the non-tech version!

Affiliation
American Association of Variable Star Observers (AAVSO)
non-technical

Hi Mike,

The post Will made about "heartbleed" was from three years ago. I don't know it it is still relavant or not, but I think you will have to Google it up if you want to learn more because Will doesn't work for us anymore.

Regards,
Sara