Products Features Platforms

Products Features Platforms

ForumsQuestionsHeartbleed Bug

Heartbleed Bug

Author	Message
guardprivy-1	Posted: Apr 09, 2014 Score: 0 Reference guardprivy-1 Posted: Apr 09, 2014 Score: 0 Reference Is/was Toodledo.com vulnerable to the Heartbleed Bug?
Jake Toodledo Founder	Posted: Apr 09, 2014 Score: 0 Reference Jake (Founder) Posted: Apr 09, 2014 Score: 0 Reference Toodledo was not, and is not vulnerable.
kuoyuting	Posted: Apr 09, 2014 Score: 0 Reference kuoyuting Posted: Apr 09, 2014 Score: 0 Reference My toodledo android app keeps popping up security token notice and askinge to relogin since yesterday. Is there a chance that android app or its browser is affected? If not why would this message appear? I am using nexus 5 OS v4.4.2 Thanks This message was edited Apr 09, 2014.
SES21	Posted: Apr 09, 2014 Score: 0 Reference SES21 Posted: Apr 09, 2014 Score: 0 Reference Jake, I'm glad to hear that TD wasn't affected by the problem! I came to the forums to look for info on that & I found good news. As for the N5 on KitKat, you might want to check at Google. There may be something in particular with Android/Chrome related to a special version of OpenSSL called (I think) mod_spdy. Sorry I don't know a lot more to offer...but please do let us know what you find out in case other users have the same problem. Thanks!
Jake Toodledo Founder	Posted: Apr 10, 2014 Score: 0 Reference Jake (Founder) Posted: Apr 10, 2014 Score: 0 Reference The Android app sign in problems have nothing do with Heartbleed. It has to do with the last update that we released. We are seeing a small number of people have this problem. The solution so far is to delete and reinstall the app. We are still investigating why this is happening to some people. We haven't yet been able to reproduce the problem.
guardprivy-1	Posted: Apr 10, 2014 Score: 0 Reference guardprivy-1 Posted: Apr 10, 2014 Score: 0 Reference Just ran an SSL security audit on toodledo.com. Not vulnerable to heartbleed BUT is vulnerable to CRIME attack. https://www.ssllabs.com/ssltest/analyze.html?d=toodledo.com&hideResults=on
Jason Bushell	Posted: Apr 10, 2014 Score: 1 Reference Jason Bushell Posted: Apr 10, 2014 Score: 1 Reference Oh thank god. I'd hate for someone to hack my account and find out how often I maintain my cats litter trays, and various other chores.
Jake Toodledo Founder	Posted: Apr 10, 2014 Score: 0 Reference Jake (Founder) Posted: Apr 10, 2014 Score: 0 Reference The CRIME attack has been mitigated by modern web browsers, so it does not strictly require a fix on the server if you are using a browser made recently. That said, we do plan to fix it on the server as well.
CharleneTX	Posted: Apr 15, 2014 Score: 0 Reference CharleneTX Posted: Apr 15, 2014 Score: 0 Reference Posted by Jason Bushell: Oh thank god. I'd hate for someone to hack my account and find out how often I maintain my cats litter trays, and various other chores. The problem isn't with a hacker knowing you change your litter box. The problem is users who have the same ID and password for multiple sites, especially sensitive sites such as banks. --Charlene

You cannot reply yet

U Back to topic home

R Post a reply

To participate in these forums, you must be signed in.