As many of you have heard, a vulnerability was recently discovered in OpenSSL which allows attackers access to vast amounts of sensitive information on websites using this software. This vulnerability is called Heartbleed; if you're not familiar with it you can read about it here.
The AAVSO is currently in the planning stage to move towards securing our website through SSL. However, at this time, no portion of the AAVSO website is currently served using SSL; therefore, the OpenSSL vulnerability does not affect our website.
There is one exception: the AAVSO website uses a credit card payment gateway provided by Paypal to facilitate membership payments, donations, and other payments made to the AAVSO. As of the time of writing, we have verified that Paypal's payment gateway is not affected by this vulnerability.
What this means is that your data with the AAVSO is safe. However, if you use the same password on the AAVSO that you use on other websites, those other websites may have been compromised. If that's the case we recommend that you change your AAVSO password.
Just updated my password.
Great advice, thanks Will.
xkcd has an excellent non-technical explanation of how the exploit works.
Hi, could be instead have a technical explanation as I understood not one word of the non-tech version!
The post Will made about "heartbleed" was from three years ago. I don't know it it is still relavant or not, but I think you will have to Google it up if you want to learn more because Will doesn't work for us anymore.
Cheers! Thanks for that.