Author Topic: State of avast portal SSL renewal concerning Hearybleed  (Read 3313 times)

0 Members and 1 Guest are viewing this topic.

Offline Joey van Hummel

  • Newbie
  • *
  • Posts: 1
State of avast portal SSL renewal concerning Hearybleed
« on: April 13, 2014, 09:10:02 PM »
Hi there.

Avast's servers were (are?) vulnerable to Heartbleed.
https://gist.github.com/dberkholz/10169691
https://lastpass.com/heartbleed/?h=avast.com

It seems to be fixed now, but the last time your SSL certificates were updated is 3 months ago.

Seeing how you guys provide IT security, it is weird to see you still haven't replaced this now untrustable certificate.

Furthermore, I also think it's weird that this forum, specifically registration and login are not standard in HTTPS.
Actually, going to HTTPS even breaks the site AND warns of mixed content.

Can we get a statement on this? Maybe the reports are just wrong? As an IT security company, this can't be how you intend to deal with this vulnerability.

With kind regards,

Joey van HUmmel
« Last Edit: April 13, 2014, 09:17:39 PM by Joey van Hummel »

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33381
  • malware fighter
Re: State of avast portal SSL renewal concerning Hearybleed
« Reply #1 on: April 13, 2014, 10:02:29 PM »
Well theoretically speaking one is not allowed to test websites for the Heartbleed bug. Read: http://bgr.com/2014/04/11/hearbleed-online-security-checks   link article author = Chris Smith

avast! isn't an IT security company it is an av vendor. For comments if you get any, that is up to avast! team members.

polonus

P.S.
Quote
Last year it was reported that the NSA paid security firm RSA $10 million to intentionally weaken an encryption algorithm and had circumvented or cracked other encryption schemes.
See for quote: http://www.forbes.com/sites/larrymagid/2014/04/11/report-nsa-knew-about-and-exploited-heartbleed-for-years/  link article author = Larry Magid, Contributor

D
« Last Edit: April 14, 2014, 01:09:46 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!