Skip to main content navigation

News

Heartbleed leaves our Servers alone BUT this is what you need to know.

slab
Jim Infantino
Heartbleed leaves our Servers alone BUT this is what you need to know

from xkcd - the genius cartoonist we love.

This past weekend, the Heartbleed exploit hit the news. It was and still is, a big bad story. The exploit is difficult to understand, but it is widespread and even if our servers were not affected, it's important you know what happened and what you can do to secure and fix your email connections if you are having any problems.

Heartbleed is an exploit that prompts servers to send back sensitive information via inquiries made on secure certificate connections. Most servers run Open SSL which was written a long time ago in the programming language C. The hacker can specify a large number of characters to come back via a query. The computer being queried sends back information in it's short term memory - called a "buffer." In the text returned the hacker might find strings of text like passwords or credit card numbers that were supposed to be encrypted but are now sent back in the open.

This is why it is important that you change your passwords for all accounts as soon as you can.

The Heartbleed exploit has been active for at least a couple of years now. If you use the same password to check your email as you do to login to google or facebook or twitter or your bank or any other site, it is important that you change your email password and the password to the admin level of your site, as that password may have been compromised. This is important because if your password is out there, a spammer could log in to your mail account and send out spam. No one wants that.

You can change the password for your email at mail.pair.com - under settings > password. You can change your password for your admin account under Slab Menu > Change My Password.

Additionally, you may want to use an SSL server bigslab.mail.pairserver.com for your incoming mail server. Make sure you check the Use SSL box in your mail program account settings. If you get a warning during initial connection, just click "connect." The certificate is valid, but you may see this message regardless. This will encrypt your incoming mail using the newly set secure certificates. If you are already using outgoing.slabmedia.com for your outgoing mail, there may be an issue while the certificate is reset. Restarting your computer should take care of this. Settings are all on the LEARN section of our site.

I hope this helps. Again, our servers were not affected by this exploit, but it is important that you begin to think up new passwords. Here is a good page on that.

Thanks for being part of the Slab family,

- Jim