Many sites have/had been affected by the heartbleed bug, I just want to ask if this site is safe? Because just yesterday, fanfiction.net released a statement about this bug so I immediately changed my password. Just asking if we have to change our passwords here too?

Hi,
Heartbleed is a vulnerability in OpenSSL, which is an SSL implementation that provides security while sending sensitive information on the internet. It's best explained by xkcd.com/1354/

This is a pretty serious problem, my advise is to change ALL your passwords.

Dokuga is powered by Kunena, which is open source. So, it makes sense to extrapolate that and say most of their software, including SSL, is also opensource. So, we're most likely affected by this as well (This is me speculating).

Please change ALL your passwords ASAP (especially for work, banks etc.). Don't wait for them to contact you.

Hope this helps.

I was going to post the xkcd comic as well lol.

To the best of my knowledge, the site's data base and other components were put together with Joomla. The forum is Kunena, and yes, all of it was open-source.

If one reads the news reports concerning the "Heartbleed" problem, one notices that the security problem deals specifically with Secure Socket Layer issues. We do not, and have never, used SSL for this site (again, to the best of my knowledge and recollection).

We have no need of this, as we do not collect, nor do we store, any sensitive financial information about our members. Our donations are handled through my PayPal account, which has long since fixed it's vulnerability issues.

If it makes you feel safer to change your password for this site, by all means, do. After all, many internet security experts caution that you should do this regularly anyway. Rest assured, however, that we will continue to monitor the situation. If we feel that our members might be compromised, we will alert you all as soon as humanly possible.

~~Wiccan~~

I'd also like to add that to change your passwords before notification by institutions that the problem has been fixed is folly. Most banks/reputable companies that deal with monies/financials do not deal with OpenSSL. Rather, they used encrypted forms, secure SSL. However, those that are affected have an obligation to notify customers once the breach has been fixed - if they care, that is.

To reset your PW prior to any fix would be like handing out a key to your faulty lock to a criminal over and over again BEFORE fixing the crappy lock.

Mashables.com: WEBSITES AFFECTED BY HEARTBLEED

CNET article gives more info:

CNET - HeartBleed

What exactly is this bug and what does it do

The whole overview is given here:

http://www.cnet.com/news/heartbleed-bug-what-you-need-to-know-faq/

It has much more information than I can copy/paste or type right now. Also, check out the links that Emiko provided for more information, especially the one on Mashable.
:/
~~Wiccan~~

Okie! By the Way, check out this site.

lastpass.com/heartbleed/

It might help you know if a certain website has been affected by this bug or not