Two small but meaningful tweaks make Papertrail’s Dashboard slightly more flexible. Hide alert-oriented searches Have…
A vulnerability in OpenSSL called CVE-2014-0160 (nicknamed “Heartbleed”) was publicly announced on Monday, April 7. Papertrail:
- Patched the HTTPS endpoint serving
papertrailapp.comon Monday at 3:30 PM UTC-7 (see status blog).
- Verified that our TLS-encrypted log endpoint is not vulnerable to the
https://papertrailapp.com/to use a new TLS certificate
at 5:00 PM UTC-7. This certificate was generated by a different private
key. Related internal passphrases were also changed.
- Deployed forward secrecy as part of patching OpenSSL.
This vulnerability affects many, probably most, SSL-enabled Internet
services in some form. We echo Tumblr’s recommendation, as reported in
the LA Times: “take some time to change your passwords everywhere.” Be safe.