Is LDS.org safe to log in after Heartbleed?

[cscooper2000]

What has the church tech group done about Heartbleed?

Many responsible website operators are posting prominent welcome messages on their login screens or homepages. I would love to see the issue addressed on LDS.org. I think what people want to know is: Does LDS.org (or any of the single-logon LDS sites) use OpenSSL? If so, has the church tech department addressed the issue by: a) applying the latest patch fix, and b) when will you have new security certificates?

FamilySearch.org has addressed this issue, however the most current information I can find indicates it is currently not wise to log into LDS.org:
https://lastpass.com/heartbleed/?h=www.lds.org

[eblood66]

What has the church tech group done about Heartbleed?

Many responsible website operators are posting prominent welcome messages on their login screens or homepages. I would love to see the issue addressed on LDS.org. I think what people want to know is: Does LDS.org (or any of the single-logon LDS sites) use OpenSSL? If so, has the church tech department addressed the issue by: a) applying the latest patch fix, and b) when will you have new security certificates?

FamilySearch.org has addressed this issue, however the most current information I can find indicates it is currently not wise to log into LDS.org:
https://lastpass.com/heartbleed/?h=www.lds.org

Patching and installing new certificates has already been done. See this post: https://tech.lds.org/forum/viewtopic.ph ... ed#p122730

I don't know that they have any plans to advertise this on the home page or the SSO page.

[scgallafent]

What has the church tech group done about Heartbleed?

Many responsible website operators are posting prominent welcome messages on their login screens or homepages. I would love to see the issue addressed on LDS.org. I think what people want to know is: Does LDS.org (or any of the single-logon LDS sites) use OpenSSL? If so, has the church tech department addressed the issue by: a) applying the latest patch fix, and b) when will you have new security certificates?

FamilySearch.org has addressed this issue, however the most current information I can find indicates it is currently not wise to log into LDS.org:
https://lastpass.com/heartbleed/?h=www.lds.org

LastPass is incorrect. The equipment vendor has confirmed that their equipment was not affected by Heartbleed. A new LDS.org certificate was issued on April 8, 2014.

[eblood66]

What has the church tech group done about Heartbleed?

Many responsible website operators are posting prominent welcome messages on their login screens or homepages. I would love to see the issue addressed on LDS.org. I think what people want to know is: Does LDS.org (or any of the single-logon LDS sites) use OpenSSL? If so, has the church tech department addressed the issue by: a) applying the latest patch fix, and b) when will you have new security certificates?

FamilySearch.org has addressed this issue, however the most current information I can find indicates it is currently not wise to log into LDS.org:
https://lastpass.com/heartbleed/?h=www.lds.org

LastPass is incorrect. The equipment vendor has confirmed that their equipment was not affected by Heartbleed. A new LDS.org certificate was issued on April 8, 2014.

It looks like LastPass has been updated. It now says that lds.org was never vulnerable.