DNN Websites and the Heartbleed Bug
What we know today
What: The Heartbleed bug could allow access username and password information on some Internet applications.
When: The Heartbleed vulnerability became public April 7, 2014
What Does This Bug Do?
Under normal conditions, the SSL/TLS encryption provides privacy over the Internet for things like email, instant messaging and web applications. The vulnerability allowed by the Heartbleed bug means someone on the internet could read identify service providers and read the encrypted traffic to steal data like names and passwords and use that information.
What does this mean to DNN websites?
The Heartbleed Bug affects only certain vulnerable versions of OpenSSL software. Websites built using DNN do not use OpenSSL software.
DNN websites use Microsoft Windows technology. To quote from the Microsoft blog:
Windows comes with its own encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the Heartbleed vulnerability.
When your DNN website is hosted at somewhere like PowerDNN, you'll find their systems are also unaffected. They say:
To be clear, your PowerDNN-hosted website is secure in our network for several reasons:
* Our network is not reliant on Apache.
* PowerDNN servers run on IIS.
* We do not use OpenSSL.
Information on the extent of Heartbleed damage and what to do about it continues to evolve. We suggest you stay aware as the story develops.