To tell you the truth the Stickypass statement isn't clear...
"We have no indication of any impact on Sticky Password"
And you never will, because we all know the attack leaves no trace.
"Your master password, logins, passwords, authentication and private data are safely encrypted in Sticky Password and therefore are not affected by heartbleed."
For StickyPass 7 the master password would be the issue. (The standalone Desktop Stickypass does not apply because everything is localized to your hard drive.) It is the "sync" across devices that concerns me... The master password has to be authenticated with StickyPass. Even if that master password goes over hash (which is good, but not bulletproof if Heartbleed is involved). The rest of the data is indeed protected by the Stickypass program.
"While StickyPassword.com was not affected, some of our servers were running the vulnerable version of OpenSSL and we immediately installed the patch."
So you were NOT using OpenSSL for https://stickypassword.com, which is the site the master password authenticates with? If that is not the site the master authenticates with, what is it? And was that server affected with Heartbleed?
Obviously you were running OpenSSL for other servers... and we have no idea what is on those servers or what they are used for.
Here is a list of companies and where they stand with this bug: http://mashable.com/2014/04/09/heartble ... -main-link
As you can see the "money" websites were not compromised. Neither were Microsoft, Apple or Amazon. Because nobody who takes care of anything relevant should EVER use open source code which is written for free and maintained by volunteers.
StickyPass isn't listed - but if you are running anything like Dashlane or LastPass a password change is what you should do especially if you ever use open wifi.
This is why:
That is from Boxcryptor. At least they were thorough in their explanation. Here is a link to that statement: https://www.boxcryptor.com/en/blog/how- ... boxcryptor
It appears Boxcryptor, Lastpass and Dashlane all "hash" the master password. Lastpass and Dashlane are saying that is good enough. Only Boxcryptor is advising that it isn't if you ever used a non-protected network, and many do just that while on their smartphone.
I run separate standalone installs of StickyPass 6 for my computers and have been hesitant to upgrade to the "sync" in 7 due to security concerns. And Heartbleed shows me I was right to be concerned.
Right now I still don't know enough on where you stand with this... If you ever want me to upgrade to 7 I need to know more.
And btw you don't use https for the forum login which is stupid. You should change that because it looks bad.