Share on Facebook Share on Twitter Share on LinkedIn Share on Pinterest Share through Email

Wild Apricot Customers Are NOT Affected By The 'Heartbleed' Security Bug

Dmitriy Buterin 10 April 2014 6 comments

bigstock-Secured-Data-Transfer-50265320 Media sources revealed on Tuesday that an Internet security vulnerability known as the 'Heartbleed bug' has potentially put two thirds of secure websites at risk.

This bug has to do with OpenSSL software code that protects the privacy of sensitive details (e.g. passwords) when accessing secure websites.

Wild Apricot Users Unaffected

We immediately conducted a comprehensive security analysis of our servers and it has shown that Wild Apricot customers are not affected by this bug. (A big contributing factor was that we mostly use Microsoft servers which use different software code for handling security.)

Your passwords, the passwords and information of your members, donors and contacts are safe and secure through Wild Apricot.

Password Best Practices

A security bug that has wide-spread impact reminds us how important it is that we don't use the same password for a number of software programs. If you have used the exact same password on several websites, now might be a good time to change it - and use a different one for every website.

Learn more about the Heartbleed bug here:

Heartbleed web security bug: What you need to know (CBC.ca)
Technical details - National Vulnerability Database
Many major Internet services have been affected by this bug, this Mashable blog post provides recommendations on changing your passwords at those services.

Questions for Wild Apricot?

You can reach our Customer Support team via email at support@wildapricot.com if you have any follow up questions.

Image source: secured-data-transfer - courtesy of BigStockPhoto.com

Get a Special Report on Simplifying Membership Management

Enter your email and receive this special report in your inbox.

Posted by Dmitriy Buterin [Chief Apricot]

Published Thursday, 10 April 2014 at 3:05 PM

Share on Facebook Share on Twitter Share on LinkedIn Share on Pinterest Share through Email

Get a Special Report on Simplifying Membership Management

Enter your email and receive this special report in your inbox.

Comments

Peter McMillan said:

Saturday, 12 April 2014 at 9:35 PM

So you don't offload VPN/SSL traffic to a network appliance to do the heavy lifting on encryption? I have read that some of these appliances, Cisco and Juniper among them, may also be compromised. The point is, if you've abdicated encryption to one of these appliances, it seems to me that it doesn't much matter what OS you're running behind them.
Chief Apricot said:

Sunday, 13 April 2014 at 11:22 AM

good point. I don't think we use those but let me double check with our engineers and confirm.
Chief Apricot said:

Sunday, 13 April 2014 at 2:51 PM

Peter, our technical team confirmed that we don't use hardware devices like that and handle ssl directly from our windows servers.
Regina Funkhouser said:

Tuesday, 15 April 2014 at 8:12 AM

So if we are using Authorize.net through WA, we are all ok there as well, correct?
Chief Apricot said:

Tuesday, 15 April 2014 at 11:05 AM

You are OK as far as our systems are concerned. Authorize.net is responsible for checking/securing their systems.
Smithg909 said:

Friday, 09 May 2014 at 1:47 PM

Howdy! Would you mind if I share your weblog with my twitter group? Theres lots of people that I think would truly enjoy your content material. Please let me know. Thanks dedcccgdeaebfkbc