Security Update: EyeWire is Heartbleed Protected

Hey EyeWirers,

Immediate takeaway: If you consider your EyeWire password valuable, please change it. Use the “Forgot?” link on the login page or contact support and we can help you out. Please change your valuable passwords for every site on the internet that you use.

The infographic below outlines some recommended password changes on websites other than EyeWire (via LWG Consulting):

heartbleed change your passwords infographic

For those of you who have read on, you may or may not be familiar with the internet-wide earthquake that is security vulnerability CVE-2014-0160 AKA “Heartbleed”. An encryption library used by the vast majority of the internet called OpenSSL had a vulnerability that allowed bad guys who figured it out to silently break encrypted connections and steal credentials from any number of sensitive sites.

We patched EyeWire within 24 hours of the public disclosure of Heartbleed and yesterday rekeyed our SSL certificate. We know EyeWire is a game, but we also know sometimes people reuse valuable passwords. If you are reusing a password, it is imperative that you change it as it may not have been protected by our encryption during transmission.

You can read more about Heartbleed here.

In the coming days, please pay attention to each website you use where the compromise of your account could be disadvantageous, look for an announcement that they have patched their systems, and change your password. If you can’t find an announcement, it can’t hurt to change it anyway, but it may not help you.

If you’d like to independently verify that eyewire.org is patched, you can use this tool (there are others you can google for as well).

Stay safe guys.

Will Silversmith
EyeWire Developer

Leave a Reply

Your email address will not be published.