Legend

Forum

Unread topics or posts

Topic

Unread posts

Locked

Announcement

Forums > Questions

Heartbleed Bug



AuthorMessage
dotparker

Posted: Apr 09, 2014
Score: 0



Is/was Toodledo.com vulnerable to the Heartbleed Bug?
Jake

Toodledo Admin
Posted: Apr 09, 2014
Score: 0



Toodledo was not, and is not vulnerable.
kuoyuting

Posted: Apr 09, 2014
Score: 0



My toodledo android app keeps popping up security token notice and askinge to relogin since yesterday. Is there a chance that android app or its browser is affected? If not why would this message appear? I am using nexus 5 OS v4.4.2

Thanks


This message was edited Apr 09, 2014.
SES21

Posted: Apr 09, 2014
Score: 0



Jake, I'm glad to hear that TD wasn't affected by the problem! I came to the forums to look for info on that & I found good news.

As for the N5 on KitKat, you might want to check at Google. There may be something in particular with Android/Chrome related to a special version of OpenSSL called (I think) mod_spdy. Sorry I don't know a lot more to offer...but please do let us know what you find out in case other users have the same problem. Thanks!
Jake

Toodledo Admin
Posted: Apr 10, 2014
Score: 0



The Android app sign in problems have nothing do with Heartbleed. It has to do with the last update that we released. We are seeing a small number of people have this problem. The solution so far is to delete and reinstall the app. We are still investigating why this is happening to some people. We haven't yet been able to reproduce the problem.
dotparker

Posted: Apr 10, 2014
Score: 0



Just ran an SSL security audit on toodledo.com. Not vulnerable to heartbleed BUT is vulnerable to CRIME attack. https://www.ssllabs.com/ssltest/analyze.html?d=toodledo.com&hideResults=on
Jason Bushell

Posted: Apr 10, 2014
Score: 1



Oh thank god.

I'd hate for someone to hack my account and find out how often I maintain my cats litter trays, and various other chores.
Jake

Toodledo Admin
Posted: Apr 10, 2014
Score: 0



The CRIME attack has been mitigated by modern web browsers, so it does not strictly require a fix on the server if you are using a browser made recently. That said, we do plan to fix it on the server as well.
CharleneTX

Posted: Apr 15, 2014
Score: 0



Posted by Jason Bushell:
Oh thank god.

I'd hate for someone to hack my account and find out how often I maintain my cats litter trays, and various other chores.


The problem isn't with a hacker knowing you change your litter box. The problem is users who have the same ID and password for multiple sites, especially sensitive sites such as banks.

--Charlene
You cannot reply yet


To participate in these forums, you must be signed in.



Toodledo Forums > Questions