
QRZ and the Heartbleed Bug

Discussion in 'Amateur Radio News' started by AA7BQ, Apr 12, 2014.

Thread Status:
Not open for further replies.
  1. KA9JLM

    KA9JLM Ham Member QRZ Page

    From what I can tell QRZ does not even use a Cert for this site.

    Nor does the site claim to.

    The site is redirected.


    April Fools...
     
  2. AF6LJ

    AF6LJ Ham Member QRZ Page

    The good news is the site either uses some other SSL driver / subsystem or it has been patched.
    Good deal, the folks at the best Ham Radio site on the planet are on the ball.
    Another good reason to support this site.
     
  3. WV8KFA

    WV8KFA Ham Member QRZ Page

    Check to see how secure YOUR password is at howsecureismypassword.net
     
  4. KT1F

    KT1F Ham Member QRZ Page

    It has an SSL certificate for the secure login page at https://www.qrz.com/login

    I think you need to be logged out to see that page
     
  5. SV4NLA

    SV4NLA Ham Member QRZ Page

  6. KA9JLM

    KA9JLM Ham Member QRZ Page


    That page has a cool message;

    "Please ignore any warning about leaving an encrypted page"


    What a deal.
     
  7. KT1F

    KT1F Ham Member QRZ Page

    Yes there's some weird and, let's say, "non optimal" stuff happening there.

    The warning message appears because after you've logged in, it seems to use some Javascript to do another POST request to the non-SSL page. If it followed good practice and did a normal GET redirect (i.e., returned a 302 response) after the form post instead of a second POST, the warning wouldn't appear.
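
The redirect-after-POST pattern described in the post above, as an added example that is not part of the original thread and is not QRZ's code. It is a minimal WSGI login handler; the `/home` path, the `sid` cookie name, the sample account and the `call` helper are assumptions made for illustration.

```python
import hmac
import io
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

USERS = {"n0call": "correct horse"}   # constructed sample account (assumption)
SESSIONS = {}                          # session id -> user name
FORM = (b'<form method="post" action="/login"><input name="user">'
        b'<input name="pw" type="password"><button>Log in</button></form>')

def reply(start_response, status, headers, body=b""):
    start_response(status, headers + [("Content-Length", str(len(body)))])
    return [body]

def app(environ, start_response):
    route = (environ["REQUEST_METHOD"], environ.get("PATH_INFO", "/"))
    if route == ("GET", "/login"):
        return reply(start_response, "200 OK", [("Content-Type", "text/html")], FORM)
    if route == ("POST", "/login"):
        size = int(environ.get("CONTENT_LENGTH") or 0)
        form = parse_qs(environ["wsgi.input"].read(size).decode())
        user, pw = form.get("user", [""])[0], form.get("pw", [""])[0]
        known = USERS.get(user)
        if known is None or not hmac.compare_digest(known.encode(), pw.encode()):
            return reply(start_response, "401 Unauthorized", [("Content-Type", "text/html")], FORM)
        sid = secrets.token_urlsafe(32)
        SESSIONS[sid] = user
        # Credentials were sent once, in this request. The browser follows the
        # 302 with an ordinary GET, so no script has to re-POST them elsewhere.
        return reply(start_response, "302 Found", [
            ("Location", "/home"),
            ("Set-Cookie", f"sid={sid}; Secure; HttpOnly; SameSite=Lax; Path=/")])
    if route == ("GET", "/home"):
        jar = SimpleCookie(environ.get("HTTP_COOKIE", ""))
        user = SESSIONS.get(jar["sid"].value) if "sid" in jar else None
        if user is None:
            return reply(start_response, "302 Found", [("Location", "/login")])
        return reply(start_response, "200 OK", [("Content-Type", "text/plain")],
                     f"Logged in as {user}".encode())
    return reply(start_response, "404 Not Found", [("Content-Type", "text/plain")], b"not found")

def call(method, path, body=b"", cookie=""):
    """Drive the app in-process with a constructed request; no network needed."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, "HTTP_COOKIE": cookie,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body),
               "wsgi.url_scheme": "https"}
    seen = {}
    def start_response(status, headers):
        seen.update(status=status, headers=dict(headers))
    out = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], out
```

The `Secure` attribute on the cookie means the browser sends the session id back only over HTTPS, so the page the redirect lands on has to be served over HTTPS as well.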
     
  8. KI4KGR

    KI4KGR Ham Member QRZ Page



    PLEASE stop spreading this rumor. It's not even close to being true and my guys in support would really appreciate it. The media frenzy has done nothing but incite panic in millions who have no clue as to how this stuff works. All they know is someone in a Fox News Alert gave the go ahead to panic and they did.


    The Heartbleed bug ONLY affects OpenSSL versions 1.0.1 to 1.0.1f. It does not affect any other version of OpenSSL before or after 1.0.1 to 1.0.1f. There are millions of servers out there that don't run OpenSSL at all or they were not up to date so the bug did not have an effect.
     