Heartbleed bug
Saturday, April 19th, 2014By now, you might have heard of this thing called the Heartbleed bug, which is making the rounds on most Internet news sites.
The truth is, it’s not as bad as it sounds. The vunerability was pretty bad, but in practice, for any of our users the risk was minimal.
First, the bad news: some of your data might have been exposed to anyone sniffing our traffic. The operative word here is might. Chances are very, very slim that any sniffing took place, plus this was not a breach in our database, they didn’t have access to any of the data we keep there (user name and email address, if you provided one) they would only been able to grab your password if they were sniffing online at the actual time you logged in. Think about it, with the trillions of web pages out there, the chances of someone actively sniffing Doghouse pages are what? A quadrillion to one? An Octodecillion to one? Something crazy anyway.
As I say, extremely unlikely.
The good news:
- We have patched all our systems so the Heartbleed bug is no longer an issue.
- If you are worried about this bug, change your password in Doghouse. Here’s a link explaining how.
Which services were affected?
Only Doghouse, and only when you contribute any data from the Pedias or when you logged in to admin.bruji.com or doghouse.bruji.com (they’re the same page). If you only use Doghouse for searches and have never contributed any entries you have nothing to worry about.
What data do you store?
We only store your user name and your email address if you provided one so we can communicate with you if the need arises. We never sell or expose your data to anyone, ever, under any circumstances. You can view our privacy policy right here.
What about my password?
Your password is stored with high-grade encryption and looks like this:
e8afdd90d1dec343128b090e39e77eb08f859d4d78ce88262db6fb8f3d9a314ab7a486508567c21ded896bf3c32048fa6abd8987b5d57a1f46fcf6441a30d59a
That doesn’t mean that even if someone got a hold of it they could use it to login with your username because we also use an added security measure appropriate called a salt and there is no way to reverse this encryption to figure out what the password really is.
But, I repeat, nobody but us has access to this data not even through the Heartbleed bug.
OK, this sounds good, but I’m still worried, what should I do?
Just change your password if you use it elsewhere and are worried someone might have caught it as you were logging in and you’ll be fine.