Linden Lab Issue Heartbleed Information

The heartbleed bug has been causing mayhem this week, many a headache has been felt in IT departments the world over. Second Life users were obviously concerned about this and Linden Lab have produced a blog post relevant to Second Life : Account Safety and the Heartbleed OpenSSL Bug.

There’s some really good news from the lab about this:

You do not need to take extra action to secure your Second Life password if you have not used the same password on other websites. Your Second Life password was not visible via Heartbleed server memory exposure. No secondlife.com site that accepts passwords had the vulnerable SSL heartbeat feature enabled.

However it should be noted that Second Life properties were not immune to this issue, as the blog post explains :

Supporting sites such as Second Life profiles are hosted on cloud hosting services. Some of these sites were previously vulnerable to Heartbleed, which may have exposed one of these servers’ certificates. As an extra precaution, we are in the process of replacing our SSL certificates across the board. This change will be fully automatic in standard web browsers.

Initially this may seem confusing, but login to Second Life profiles is done via the main website login, rather than a login directly on those servers, so the initial advice that there’s no need to take extra action stands.

However there are circumstances whereby you may want to change your Second Life password and that is if you use that very same password on a site that may have had login information exposed.

Continue reading “Linden Lab Issue Heartbleed Information”

Follow

Get the latest posts delivered to your mailbox: