Just a couple brief comments on two unrelated security issues. You’ve probably heard about the Heartbleed vulnerability that affected many websites this week. For some reason, the media didn’t mention that the affected servers are running Linux. (There are issues with certain programs running on other servers, but the primary impact was for those sites running Linux-based servers.) They’re quick to jump on Microsoft when it comes to security flaws in Windows, but I guess Linux doesn’t get the same treatment. Weird.
Anyway, we run Windows servers here and don’t appear to be affected by Heartbleed. This blog is on a Linux box, but there’s nothing valuable here except for my rambling a on various topics, and those are only mildly worth stealing.
Coincidentally, we were working on another security-related issue when we heard about Heartbleed. A few of you have given us grief in the past for sending password reminders in email. While your Laridian password doesn’t expose any personal information of import, except perhaps your mailing address — which is widely available elsewhere — it was still disconcerting to see your password show up in clear text.
So we’ve made some changes now so that we don’t send out passwords but instead send a link to a page where you can reset your password. This should provide a little more security, especially if you’re in the habit of using the same password everywhere.