Comment by klapinat0r
12 years ago
Since their own (status.heroku.com and heroku.com) certs are from 2013-10-03, this illustrates a bad situation post-heartbleed:
Were they using a 1.0.1* vulnerable OpenSSL, or not? or did they (unlikely but possible) not adequately fix the issue.
This is information only the service provider has, and thus poses a dilemma (in terms of transparency at least).
Here's hoping for the best.
No comments yet
Contribute on Hacker News ↗