Does the Heartbleed security bug affect findAtutor.ca?
I've started getting e-mails from tutors asking if they should be concerned about the Heartbleed bug affecting their accounts on findAtutor.ca. The short answer is no.
This bug is related to the OpenSSL security certificate. SSL certificates are only used on secure pages. You can tell which pages are secure because there will be an "https" at the beginning of a URL.
As a user on findAtutor.ca, you do not need to use "https". However, https is available and is recommended when logging in, especially on public Wi-Fi networks. We recently renewed our security certificate, and it uses a different certificate, not the OpenSSL one that has the bug.
The other question I've been asked is "should I change my password?" The short answer: it doesn't hurt.
News reports are saying to not change passwords until the bug is fixed, but that is only for affected websites. Because findAtutor.ca isn't affected, you can reset your password at any time. Again, for added security, use the "https" at the beginning of your URL when you do this.
If you use OpenID to log in to findAtutor.ca from one of the affected sites, you should check with those service providers to find out whether you need to change your password.
If you tend to use the same password for multiple sites, then you should do what you've probably known and been told for years, and change your passwords to have a unique one for each site.
So, why don't we use default secure pages on findAtutor.ca? We looked at how to do security on findAtutor.ca over the years, and the information collected on findAtutor.ca is low risk. The only personal information we require is a name and e-mail address. The remaining information is optional, or given for public posting in tutor listings and ads.
The worst-case scenario is that if someone does get into your account, they can edit your tutor listing to include inappropriate content. I've only known this to happen once, close to a decade ago, and the inappropriate material was caught quickly and taken down immediately.
All on-line payments we receive are either done through PayPal, or via a bank's on-line system. We don't store any financial information from anyone. I've had customers try to give me their credit card number; I will always refuse it because I can't guarantee the safety of such important information.
Even though there is little to no risk on findAtutor.ca regarding this security bug, it makes good sense to review the websites you do use and the level of security your passwords offer. If you are overdue with updating your passwords, now is a great time to do it.