DNN Websites and the Heartbleed Bug

What we know today

When:   The Heartbleed vulnerability became public April 7, 2014

What Does This Bug Do?  
Under normal conditions, the SSL/TLS encryption provides privacy over the Internet for things like email, instant messaging and web applications. The vulnerability allowed by the Heartbleed bug means someone on the internet could read identify service providers and read the encrypted traffic to steal data like names and passwords and use that information.

What does this mean to DNN websites?

The Heartbleed Bug affects only certain vulnerable versions of OpenSSL software. Websites built using DNN do not use OpenSSL software.

DNN websites use Microsoft Windows technology. To quote from the Microsoft blog:

Windows comes with its own encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the Heartbleed vulnerability.  

When your DNN website is hosted at somewhere like PowerDNN, you'll find their systems are also unaffected. They say:

To be clear, your PowerDNN-hosted website is secure in our network for several reasons:

* Our network is not reliant on Apache.

* PowerDNN servers run on IIS.

* We do not use OpenSSL.

Information on the extent of Heartbleed damage and what to do about it continues to evolve. We suggest you stay aware as the story develops.  

Kate GingoldKate Gingold

I have been writing a blog with web marketing tips and techniques every other week since 2003. In addition to blogging and client content writing, I write books and a blog on local history.

Other posts by Kate Gingold

Contact author Full biography

Full biography

I have been writing a blog with web marketing tips and techniques every other week since 2003. In addition to blogging and client content writing, I write books and a blog on local history.

x

Linked In Google Plus