Yubico Forum

Re: My "HeartBleed"s

2014-04-25T13:50:38+01:00

Given what a big deal HeartBleed is I'm surprised the post you link to has not been updated with the confirmation that certificates were reissued but that there is no need for YubiKey user action.

Statistics: Posted by DingoDaddy — Fri Apr 25, 2014 1:50 pm

Re: My "HeartBleed"s

2014-04-14T07:42:34+01:00

Hello,

Everything was re-keyd

Because of how the YubiCloud works no secrets are ever exposed to such kind of threats (read documentation)

No action is required from Yubico's users side.

Statistics: Posted by Tom — Mon Apr 14, 2014 7:42 am

Re: My "HeartBleed"s

2014-04-11T18:29:56+01:00

Have the SSL certificates been re-issued for all affected services?

Also, was there any chance of the private keys for the Yubikey getting compromised?

Edit: I mean the private keys stored on Yubico's servers used to decrypt the OTP.

Statistics: Posted by vinaur — Fri Apr 11, 2014 6:29 pm

Re: My "HeartBleed"s

2014-04-10T10:45:10+01:00

All our services have been patched plus:
http://status.yubico.com/2014/04/10/yub ... eartbleed/

Statistics: Posted by Tom — Thu Apr 10, 2014 10:45 am

My "HeartBleed"s

2014-04-10T09:05:23+01:00

What if anything should be done to counter the implications of the HeartBleed OpenSSL Vulnerability on the security of our use of Yubikeys in our Organisation?

What are the potential compromises?
What should be done to regain security?

Statistics: Posted by Adrius42 — Thu Apr 10, 2014 9:05 am