Leavins Software Is Not Affected By Heartbleed

Posted on April 20, 2014

What is the Heartbleed Bug?

OpenSSL is a piece of software used by many web sites to provide secure web site access to users. It had a flaw which allowed anyone (who knew how) to read the server's memory. Everything passes through a server's memory, including server security data and personal data (like passwords and security questions.)

Heartbleed is a major bug with its own website that you can go to for more information: Heartbleed Bug.

Why was Leavins-Software.com not affected by it?

No, Leavins-Software.com was not affected by Heartbleed. As of this writing, Leavins-Software.com runs on a server using Debian Linux 6. Even though the current version of Debian is 7, they still support 6. To make a long story short, the server was running an older, unaffected version of OpenSSL.

Why wait until now to reveal this info?

I take security very seriously, but it took me a while to realize the value of informing concerned parties that Heartbleed was a non-issue for Leavins Software. If something goes bad, what to do is obvious: tell people. But if something doesn't go bad, what should you do?

It dawned on me this morning that, if we're talking about a serious, well-known security flaw like Heartbleed, you should still tell people about it.

Written by Dustin Leavins