The Heartbleed Bug was disclosed Monday night and can occur in open-source software called OpenSSL that's widely used to encrypt Web communications. Heartbleed can reveal the contents of a server's memory, where most sensitive data is stored.
The bug appears in OpenSSL versions 1.0.1 to 1.0.1f. Version 1.0.1g fixes the bug.
How Does the Heartbeat Vulnerability Affect RoboForm?
It doesn't.
RoboForm servers used OpenSSL ver 1.0.0 and 0.9.8 which were not affected by the Heartbleed Bug.
Upon learning of the bug, we updated all our OpenSSL versions to the 1.0.1g which is published fix for the Heartbleed bug.
What should you do next?
Your Master Password has always been secure, so you do not need to change it.
However, this bug has been out there for a long time and it's possible that sites you regularly visit would be susceptible the vulnerability.
You can check whether or not sites are susceptible using this tool: http://filippo.io/Heartbleed/
We recommend you generate new passwords for any website in which you store sensitive information, such as email, banking, etc. However, you should wait until these sites have updated their OpenSSL version and replaced their certificates with new certificates being issued on 4/8/2014 or later.
No comments:
Post a Comment