Hi!
As the sslbleed bug requires changing we have done it already (we let a
couple days pass to let the situation settle down a bit).
You can check the new fingerprints:
https://wiki.unsystem.net/index.php/UnSYSTEM_SSL_Fingerprints (check gpg
signatures to know it's the real deal)
All users are advised to change their password *as soon as possible*. We
don't have many services actually requesting a password, but anyone who
used the wiki or other ssl protected services has to change their password.
This is not just for unsystem, for other services on the internet remember:
* They have to change their certificates
* After changing the certificates they should ask you to change your
password
If any service fails to do that, you are well recommended to query the
admins for the situation and don't trust the service to be doing its
job. Also you *should not* change your passwords before you know the
certs are changed. This bug probably means the NSA and other nefarious
entities (and probably others too) have all your passwords and could
read conversations since 2 years.
We have also created a fund for maintenance for the servers:
https://wiki.unsystem.net/index.php/UnSYSTEM/Funds/Servers
Everyone is welcome to chip in so we share the costs. This fund will be
used to pay for server costs, expanding and improving the server farm
and security and if possible some admin work, you have all the info in
the wiki.
We already received 1 btc from someone, thx!
Cheers!