Carbon Commons protected against Heartbleed bug

The Carbon Commons runs on a server using the latest OpenSSL technology, which protects users from potential Heartbleed bug exploits that have made headlines recently.  While CMC does not believe there has been any illegitimate access to the Carbon Commons prior to our update of OpenSSL, we recommend that users change their passwords.  This is good practice advisable for any web site where personal credentials are used.

To change your Carbon Commons password, logon to the Carbon Commons.  From the home page click on “Settings” (fourth item on the top menu bar).  The Settings page will enable you to enter a new password of your choice.  If you do not remember your password, ensure you are logged out, and from the home page, select “Forgot Password” in the top left-hand side login box and a new password will be sent to you.

If you require assistance or have any questions please contact support@carboncommons.ca

More information on the Heartbleed bug: on April 7, 2014 OpenSSL announced a vulnerability in its transport layer security (TLS) heartbeat extension code, which became known as the Heartbleed bug.  This vulnerability allows reading the memory of unprotected systems and therefore enables access to the secret keys used to identify the service provider and encrypt the traffic.