April 8, 2014
SpiderOak.com and related SSL certificates were changed yesterday due to the OpenSSL Bug
As has been widely published, a significant vulnerability has been found in OpenSSL, the transport encryption library used by many SSL websites. SSL is the mechanism that encrypts your browser’s connection to the server, verifying the server’s identity and preventing eavesdropping. Many people know it as the padlock icon in a web browser.
Many sites across the internet including Amazon, GitHub, Heroku have likewise changed their certificates.
SpiderOak patched our OpenSSL servers within a couple hours of the announcement yesterday. The SpiderOak desktop clients ship with a version of OpenSSL that is not subject to this vulnerability. As such, SpiderOak customers do not need to take any special action.
More info about the vulnerability is at heartbleed.com.