HeartBleed: Chess.com still shows as "Vulnerable" by security experts.

SokeP

A listing on GitHub on 4/8/14 Tuesday listed Chess.com as "vulnerable".

Testing yahoo.com... vulnerable.
Testing flickr.com...  vulnerable.
Testing addthis.com... vulnerable.
Testing chaturbate.com... vulnerable.
Testing okcupid.com... vulnerable.
...
Testing fatwallet.com... vulnerable.

Testing internetdownloadmanager.com... vulnerable.

Testing chess.com... vulnerable.
....
Testing aol.com... no SSL.
....
Testing files.wordpress.com... not vulnerable.

The LastPass site tester on Wed 6pm 4/9/14 at https://LastPass.com/HeartBleed/ shows:
For Chess.com

Detected server software of PWS/8.0.22
The server software is unknown, might use OpenSSL and could have been vulnerable.

The SSL certificate for chess.com valid 6 months ago at Oct 4 18:54:03 2013 GMT.
This is before the heartbleed bug was published, it may need to be regenerated.

Since many of us have done financial transactions, etc. with Chess.com, it would be helpful to:

1. update your SSL version;

2. Notify on frontpage, homepages, and/or prominently;

3. Update your certificate; we know it costs a few bucks, but it would be useful in this case.

4. That this occurred is not your fault; you do not have to hide it!  But, not responding to it (and/or not notifying your customers) is on you.
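
The scan listing and the certificate-date check quoted in the post above can be combined into one triage pass. This Python sketch is an added example, not part of the original post and not code from either tool. The function names, the sample listing and the disclosure-date constant (7 April 2014, the publicly known date) are assumptions made for the example.

```python
import re
from datetime import datetime, timezone

# Public disclosure date of Heartbleed (7 April 2014); not stated in the post.
DISCLOSED = datetime(2014, 4, 7, tzinfo=timezone.utc)

# Constructed sample in the format of the listing quoted above.
SAMPLE_SCAN = """\
Testing yahoo.com... vulnerable.
Testing chess.com... vulnerable.
....
Testing aol.com... no SSL.
Testing files.wordpress.com... not vulnerable.
"""

LINE = re.compile(r"^Testing\s+(\S+?)\.\.\.\s+(vulnerable|not vulnerable|no SSL)\.$")

def parse_scan(text):
    """Map hostname -> status; elision lines such as '....' are skipped."""
    results = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            results[m.group(1)] = m.group(2)
    return results

def cert_predates_disclosure(not_before):
    """not_before uses OpenSSL's text form, e.g. 'Oct 4 18:54:03 2013 GMT'."""
    normalized = " ".join(not_before.split())  # collapse a padded day field
    issued = datetime.strptime(normalized, "%b %d %H:%M:%S %Y GMT")
    return issued.replace(tzinfo=timezone.utc) < DISCLOSED

def triage(status, not_before):
    """Hypothetical helper: remediation steps for one host."""
    if status == "no SSL":
        return []  # no TLS endpoint, so no heartbeat exposure
    if status == "vulnerable":
        # Private key may have been readable from server memory.
        return ["patch OpenSSL", "generate new key pair",
                "reissue certificate", "revoke old certificate"]
    if cert_predates_disclosure(not_before):
        return ["confirm whether affected OpenSSL was ever deployed; "
                "if so, rekey, reissue and revoke"]
    return []

if __name__ == "__main__":
    # The same constructed notBefore value is used for every host here.
    for host, status in parse_scan(SAMPLE_SCAN).items():
        print(host, status, triage(status, "Oct 4 18:54:03 2013 GMT"))
```

A host that now tests "not vulnerable" but still serves a certificate issued before disclosure falls into the third branch, which matches the "may need to be regenerated" wording in the tester output.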

RonaldJosephCote

NBC just did a story on it. Not chess.com, but the most recent bug that affects ALL sites as "Vulnerable".

erik

http://filippo.io/Heartbleed/#chess.com

We did patch yesterday.