PolyMatchMaker.com's heart is NOT bleeding
By Cyberfunk on Saturday April 12, 2014

By now everyone should have heard about "Heartbleed". If not, the long and short of it is, most of what you thought was secure--wasn't.

Let me start all this off by saying that PolyMatchMaker was not affected. When I heard about the problem, I notified my hosting provider, who quickly did a server-level patch to make sure we stay safe.

With that said, let me share some information about the exploit.

The OpenSSL package, which is used by a large percentage of the Internet, had a bug. It is important to note that the encryption algorithms it provides are still valid. The bug was in OpenSSL's part in how machines on the Internet keep a connection active: by sending a "heartbeat" back and forth. Exploiting this heartbeat causes small, random chunks of secure memory to be exposed. Enough random chunks and you could have something useful. PolyMatchMaker only used the software to one-way-encrypt passwords and not for transmitting any data.
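The exposure comes down to a length the server did not check: a heartbeat request states how many bytes it carries, and the reply is built from that stated length. The C sketch below is an added example, not OpenSSL's code and not part of the original post; the 3-byte header follows the TLS heartbeat message layout, padding is omitted, and the function names, buffer and "secret" are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER 3 /* 1 type byte + 2 bytes of claimed payload length */

/* Vulnerable pattern: trusts the length claimed inside the message. */
static size_t echo_trusting(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > out_cap) return 0;
    memcpy(out, rec + HB_HEADER, claimed); /* can read past the rec_len bytes received */
    return claimed;
}

/* Hardened: the claimed length must fit in the bytes actually received. */
static size_t echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HB_HEADER || claimed > out_cap) return 0; /* discard silently */
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

typedef size_t (*echo_fn)(const uint8_t *, size_t, uint8_t *, size_t);

/* Constructed demo: one array stands in for process memory, with the received
 * record at the front and unrelated data right after it. The record carries 2
 * payload bytes; keep claimed <= 61 so the over-read stays inside mem.
 * Returns -1 if nothing is echoed, 1 if the reply holds the neighbouring data, else 0. */
static int reply_leaks(echo_fn echo, uint16_t claimed)
{
    uint8_t mem[64] = {0}, out[64] = {0};
    const uint8_t rec[] = {0x01, (uint8_t)(claimed >> 8), (uint8_t)claimed, 'h', 'i'};
    const char secret[] = "SESSION-KEY-EXAMPLE"; /* constructed value */
    memcpy(mem, rec, sizeof rec);
    memcpy(mem + sizeof rec, secret, sizeof secret);
    size_t n = echo(mem, sizeof rec, out, sizeof out);
    if (n == 0) return -1;
    return n > 2 && memcmp(out + 2, secret, sizeof secret - 1) == 0;
}

int main(void)
{
    printf("trusting, claims 32: %d\n", reply_leaks(echo_trusting, 32));
    printf("checked,  claims 32: %d\n", reply_leaks(echo_checked, 32));
    return 0;
}
```

An honest request (claimed length 2) gets the same 2-byte echo from both versions; only the request that overstates its length is treated differently.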

So what are the next steps?
This is the hard part; there is not a lot you can do until other web site owners fix their own sites first. Regardless of what the mass media hysteria is saying, don't rush out and change all your passwords just yet. Until other servers are fixed, you will still be at risk with your new password too. So first, see if the sites you frequent were even affected. Not every site is vulnerable, so everything may be fine. However, if they were exposed, there are a couple of things they need to do before you can consider them safe.

1) They need to apply OS-level patches and/or upgrade to the latest version of OpenSSL.
2) They need to revoke their current SSL security certificates, and reissue new certificates.

This second part is just as important because, if the random chunks of memory included the security keys, the bad guys can pretend to be that website. And as I stated at the beginning, even though PolyMatchMaker was not susceptible to this exploit, I made sure our server got patched.

Take charge of your digital presence
Once other websites are secured, you should change your password with them. And since you're in password-changing mode, PLEASE do not change everything to the same password. If you are not already using one, use a decent password manager.

Be safe out there!

