Skip to main content

The AAVSO Website and Heartbleed

3 posts / 0 new
Last post
willmcmain's picture
The AAVSO Website and Heartbleed

As many of you have heard, a vulnerability was recently discovered in OpenSSL which allows attackers access to vast amounts of sensitive information on websites using this software. This vulnerability is called Heartbleed; if you're not familiar with it you can read about it here

The AAVSO is currently in the planning stage to move towards securing our website through SSL. However, at this time, no portion of the AAVSO website is currently served using SSL; therefore, the OpenSSL vulnerability does not affect our website. 

There is one exception: the AAVSO website uses a credit card payment gateway provided by Paypal to facilitate membership payments, donations, and other payments made to the AAVSO. As of the time of writing, we have verified that Paypal's payment gateway is not affected by this vulnerability.

What this means is that your data with the AAVSO is safe. However, if you use the same password on the AAVSO that you use on other websites, those other websites may have been compromised. If that's the case we recommend that you change your AAVSO password.

BPO's picture

Just updated my password.

Great advice, thanks Will.


willmcmain's picture
xkcd has an excellent

xkcd has an excellent non-technical explanation of how the exploit works.

Log in to post comments
AAVSO 49 Bay State Rd. Cambridge, MA 02138 617-354-0484