wiki:HeartbleedAdminEmail
Last modified 3 years ago Last modified on 04/14/14 08:58:21

Draft for edit:

NB this is not going out until we have discussed this thoroughly and we are absolutely clear that the very significant risk of resetting the passwords is worth it. Ed is not convinced

Subject: Transition Network update: Password changes: please read, you need to take action

Hi all

A major vulnerability in the technology that powers encryption across much of the internet was discovered last week (The Heartbleed bug). We took immediate action to patch the vulnerability on Transitionnetwork.org and we are safe.

We have no evidence of malicious activity. However we have taken the extra precaution of changing your password, so your old password will no longer work. You will get a separate email from the website that allows you to reset your password. You will need to do so before you can access the site.

If you have any questions or concerns, please email websupport@….

For more information on this vulnerability, also known as "Heartbleed," visit:

Ed's Blog: https://www.transitionnetwork.org/blogs/ed-mitchell/2014-04/heartbleed-security-issue XKCD's slightly geeky version: http://imgs.xkcd.com/comics/heartbleed_explanation.png XKCD's cartoon about password strength: http://imgs.xkcd.com/comics/password_strength.png

It might be a good moment to investigate using a password manager such as http://keepass.info/ which takes the pain out of remembering passwords.

Kind regards

Sam & the tech team