This exploit could allow someone to obtain various information from a server.
This site has now been upgraded with the recommended updates to prevent it from being vulnerable to this.
To get an idea of the potential seriousness, here is an excerpt from news stories covering this:
The flaw can potentially be used to reveal not just the contents of a secured-message, such as a credit-card transaction over HTTPS, but the primary and secondary SSL keys themselves. This data could then, in theory, be used as a skeleton keys to bypass secure servers without leaving a trace that a site had been hacked.
For more information, read about the Heartbleed vulnerability that was announced on April 7, 2014.
Since the update was applied here within 12 hours of the announcement, there should have been little opportunity for it to affect this site. Although, the vulnerability did exist before the announcement was made.
I have also replaced the security certificates now that the update has been made. It's just a precautionary measure. There are no indications of any compromise to our site. But this is a recommended procedure to be on the safe side (all certificates reissued as of April 9, 2014 1:45 AM). In any case, we also have Perfect Forward Secrecy enabled which limits the possibility of eavesdropping even if there is a problem with our certificates.
The above measures were merely proactive measures due to the potential security issues involved.
Also, this site tries to keep the personal information on everyone to a minimum, so in the case that something does happen, there is not much to be obtained.
I have also attached to the bottom of this message the most recently SSL security test and report run after applying the updates.
Regards,
Greg
