Heartbleed Bug !

Hmmmm...how could we know?

Well as we don't exactly know what your issue is...  Who knows...

i'm changing all my passwords everywhere

Does this thread have a point?

Government E mail address book hi-jacked? 

Well I get at least 1 scam a day in my telus inbox, most likely because my address is public on my web site. I was about to mark this one as spam but out of curiosity I right clicked the sender and saw that it actually came from Revenue Canada? I double checked and this was accurate. 
It told me I have a extra refund coming and to click the link to claim my " 733,17$. " - notice the  comma and the dollar sign placement. 
The provided link is obviously a phishing site, Google Chrome confirmed this when I clicked the link. So it would seem that someone has managed to hijack the Revenue Canada's e mail address book, I'm on file and this is the e mail address I used for E file. 

So I figured I should report this as it might even be a national security issue, right? 
I Googled  "reporting fraud" and the top of the list was RCMP. But their web site claimed they don't want to hear from me unless I'm an actual victim. I guess I'm not. So there is a link to the Government "Anti Fraud Agency" , looking good. They have a list of currant fraud scams but I didn't see this one. I clicked the report fraud link thinking this was the way to pass on what might be important info.

I have to log on? ! I had to fill in a page and a half of personal info? OK I'm game. I finally get to a page to report the fraud and it looks amazingly like the unEmployment Insurance claim reporting site! Cool. But it was page after page of stupid questions and none of the choices matched my issue. I gave up after 12 minutes. 
But when I returned to my in box I had a email from an IT friend warning about the Heartbleed bug. So I guess they already were aware they have been hacked big time. This will be an interesting development. I think the OP was just joking.. if you read the link you'll see how not all secure site software is compromised, only 2/3 of the sites. 
 
http://news.ca.msn.com/top-stories/heartbleed-web-security-bug-what-you-need-to-know
 
 

StarTekh
KPerry : thanks !  Kalle manualy update your os , reseting email pass words is suggested , Alex start reading ! :)

I was fully aware of an openSSL vunerabilty that does not effect IIS, however I didn't understand why the global media (which I have since found out why) has reffered this as a 'heartbeat bug'. I couldn't be bothered to look into the details until now (another day another vulnerability so what's new). BTW the media is wrong, this is not a bug it is a flaw.

So KPerry is right, this is an IIS platform here (MS implementation) so should not be effected (at least for now).

So I agree, I should read more. But there is no actual issue here (apart from the CIA) as Cake use MS products. So move on nothing to see.

Shorter version... The post is about OpenSSL. Cake does not use OpenSSL (they use IIS SSL) as far as I can see. So no problem here.

Ok. Now I'm embarrassed. A Finnish company had a major role in finding one of the biggest flaws in the history of internet and I did not know about it:o)

Kalle Rantaaho
Ok. Now I'm embarrassed. A Finnish company had a major role in finding one of the biggest flaws in the history of internet and I did not know about it:o)

I wouldn't be .... It just has received a lot of publicity this time, good advice mostly about changing passwords (the CIA will need to update their password database as well )...
 
Check the number of issues found here:
 http://www.openssl.org/news/vulnerabilities.html
 

You can check some sites to see if the exploit has been fixed by using online tools:
 
 Heartbleed test, LastPass Heartbleed checker, or the Qualys SSL Labs 
 
I would not hold my breath to hear from sites that might have been vulnerable announcing that they have a fix or advising you to change your password. These commercial sites and the server farms that house them depend on users believing that they can protect your data and assets, even though history has proven on many occasions that they cannot. In order to tell you that the problem has been fixed, they have to acknowledge that the vulnerability existed on their servers for some time. And advising you to change your password on the on the improbable chance that it has been compromised will cost them dearly in customer confidence. Many sites will no doubt listen to marketing and ignore engineering advice and just hope no one notices. That is the kind of decision that we expect when applying the oxymoron that is business ethics. Cakewalk has at least been forthcoming in stating that their user directed sites are not affected. Let us hope that other companies who were affected will be so honest.