On April 7th, 2014, a serious security vulnerability was publicly announced in the popular OpenSSL software library, which is used by many web systems for encrypting and decrypting data. The bug opens up the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. If exploited, attackers could eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
Are PCRecruiter databases affected by this issue?
PCRecruiter software runs on web servers which do not use the OpenSSL library by default and therefore are not vulnerable to the exploit.
If you are a PCRecruiter user concerened that your password may have been compromised by use with another website, you may wish to use the 'Change My Password' option on the MyPCR screen to update your password. It's a 'best practice' to change passwords regularly.
Your PCRecruiter system administrator may also select a strong password mode. In this mode:
- Users must have secure passwords that include a mix of upper and lower case alpha characters, numbers, and special characters
- Users will be prompted to change passwords regularly.
- Users will be restricted from the use of common elements such as days of the week, months of the year, and their user name in the password.
For more information on security practices in PCRecruiter, contact your representative.
For more information on the Heartbleed bug, see http://www.heartbleed.com/