ForumsQuestionsHeartbleed Bug


Heartbleed Bug
Author Message
guardprivy-1

Posted: Apr 09, 2014
Score: 0 Reference
Is/was Toodledo.com vulnerable to the Heartbleed Bug?
Jake

Toodledo Founder
Posted: Apr 09, 2014
Score: 0 Reference
Toodledo was not, and is not vulnerable.
kuoyuting

Posted: Apr 09, 2014
Score: 0 Reference
My toodledo android app keeps popping up security token notice and askinge to relogin since yesterday. Is there a chance that android app or its browser is affected? If not why would this message appear? I am using nexus 5 OS v4.4.2

Thanks


This message was edited Apr 09, 2014.
SES21

Posted: Apr 09, 2014
Score: 0 Reference
Jake, I'm glad to hear that TD wasn't affected by the problem! I came to the forums to look for info on that & I found good news.

As for the N5 on KitKat, you might want to check at Google. There may be something in particular with Android/Chrome related to a special version of OpenSSL called (I think) mod_spdy. Sorry I don't know a lot more to offer...but please do let us know what you find out in case other users have the same problem. Thanks!
Jake

Toodledo Founder
Posted: Apr 10, 2014
Score: 0 Reference
The Android app sign in problems have nothing do with Heartbleed. It has to do with the last update that we released. We are seeing a small number of people have this problem. The solution so far is to delete and reinstall the app. We are still investigating why this is happening to some people. We haven't yet been able to reproduce the problem.
guardprivy-1

Posted: Apr 10, 2014
Score: 0 Reference
Just ran an SSL security audit on toodledo.com. Not vulnerable to heartbleed BUT is vulnerable to CRIME attack. https://www.ssllabs.com/ssltest/analyze.html?d=toodledo.com&hideResults=on
Jason Bushell

Posted: Apr 10, 2014
Score: 1 Reference
Oh thank god.

I'd hate for someone to hack my account and find out how often I maintain my cats litter trays, and various other chores.
Jake

Toodledo Founder
Posted: Apr 10, 2014
Score: 0 Reference
The CRIME attack has been mitigated by modern web browsers, so it does not strictly require a fix on the server if you are using a browser made recently. That said, we do plan to fix it on the server as well.
CharleneTX

Posted: Apr 15, 2014
Score: 0 Reference
Posted by Jason Bushell:
Oh thank god.

I'd hate for someone to hack my account and find out how often I maintain my cats litter trays, and various other chores.


The problem isn't with a hacker knowing you change your litter box. The problem is users who have the same ID and password for multiple sites, especially sensitive sites such as banks.

--Charlene
You cannot reply yet

U Back to topic home

R Post a reply

To participate in these forums, you must be signed in.