Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 4:31 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 5 posts ] 
Author Message
 Post subject: My "HeartBleed"s
PostPosted: Thu Apr 10, 2014 9:05 am 
Offline

Joined: Thu Apr 10, 2014 8:59 am
Posts: 1
What if anything should be done to counter the implications of the HeartBleed OpenSSL Vulnerability on the security of our use of Yubikeys in our Organisation?

What are the potential compromises?
What should be done to regain security?


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

 Post subject: Re: My "HeartBleed"s
PostPosted: Thu Apr 10, 2014 10:45 am 
Offline
Site Admin
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
All our services have been patched plus:
http://status.yubico.com/2014/04/10/yub ... eartbleed/

_________________
-Tom


Top
 Profile  
Reply with quote  
 Post subject: Re: My "HeartBleed"s
PostPosted: Fri Apr 11, 2014 6:29 pm 
Offline

Joined: Fri Apr 11, 2014 6:25 pm
Posts: 1
Have the SSL certificates been re-issued for all affected services?

Also, was there any chance of the private keys for the Yubikey getting compromised?

Edit: I mean the private keys stored on Yubico's servers used to decrypt the OTP.


Top
 Profile  
Reply with quote  
 Post subject: Re: My "HeartBleed"s
PostPosted: Mon Apr 14, 2014 7:42 am 
Offline
Site Admin
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
Hello,

Everything was re-keyd

Because of how the YubiCloud works no secrets are ever exposed to such kind of threats (read documentation)

No action is required from Yubico's users side.

_________________
-Tom


Top
 Profile  
Reply with quote  
 Post subject: Re: My "HeartBleed"s
PostPosted: Fri Apr 25, 2014 1:50 pm 
Offline

Joined: Sun Jan 19, 2014 5:46 pm
Posts: 2
Given what a big deal HeartBleed is I'm surprised the post you link to has not been updated with the confirmation that certificates were reissued but that there is no need for YubiKey user action.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group