All Things oDesk
April 9, 2014 by Guest Blogger

As you may have heard, the OpenSSL Project issued a Security Advisory on April 7th. The alert was regarding a possible weakness in encryption software used by two-thirds of all web servers in the world.

Nicknamed “Heartbleed”, the issue could potentially allow attackers to retrieve information from encrypted SSL endpoints.

We take security very seriously, and as of 11 am PDT on April 9th we have completed the necessary fixes to eliminate these vulnerabilities. This includes patching all web infrastructure possibly affected by Heartbleed. The team has scanned our infrastructure and found no other points of potential vulnerability, and we’ll continue to actively monitor the situation.

Although we have no evidence of any oDesk accounts being affected, as a precaution and best practice we do strongly recommend that you change your password.

Thanks,

Simon Yeo

VP, Technical Operations

 

  • gunbarrelflygirl

    Now if you could just come up with a way to screen thoroughly screen all clients for the legitimacy of their business, now THAT would be the next hurdle to leap! I was just told by a supervisor that it would be “impossible” to screen each and every client and this would “bankrupt” the company! LOL! ODesk’s profit in 2012 was a pittance at $44.6 million – yes, I CAN see where ODesk could go bankrupt!!

  • malob

    The LastPass Heartbleed checker indicates that you have not renewed your SSL certificate since the vulnerability was made public. It’s my understanding that this should be done before recommending that users change their passwords.

    https://lastpass.com/heartbleed/?h=www.odesk.com