According to this test
https://lastpass.com/heartbleed/?h=www.hydrogenaudio.org (https://lastpass.com/heartbleed/?h=www.hydrogenaudio.org)
hydrogenaudio is not safe against the heartbleed bug.
i would like to hear if that is true or not, and if so, when we can expect an update to close that hole so i can change my password.
Thank you
Well, as it turns out, ones username and password are sent as plaintext when logging in. No encryption in the first place. Anybody can see it that can see your network traffic.
Well, as it turns out, ones username and password are sent as plaintext when logging in. No encryption in the first place. Anybody can see it that can see your network traffic.
Im not worried about that part. but im guessing what you are saying is that this site does not use openSSL for login so its not affected?
Hydrogen Audio's server has never been vulnerable, as it runs OpenSSL 0.9.8e. Good old RHEL derivatives.
Also, the https is not even set up for this domain, but another domain, and for some administration only things.