Wednesday, 9 April 2014

Heartbleed scare

Recently, there has been quite a talk about openSSL vulnerability called "Heartbleed". We are well aware of the situation. Our servers are well managed with extra level of security and problematic software is fully patched already. Here is a quote from the server manager:

"Like hundreds of other companies, we were using the affected versions of OpenSSL on our servers. However, none of our servers are accessible from the internet without going through load balancers. This means that even if our load balancers were the target of an attack, none of the code, keys or passwords would be compromised.

All of our servers, load balancers and CDN servers are now fully patched and protected against this security vulnerability.

We also have no reason or evidence to believe that any part of our infrastructure has been exploited for this vulnerability.

However, to avoid any potential risks, we have replaced all of our SSL keys and certificates to ensure no traffic is compromised between our customers and our servers."

We will keep monitoring the situation but at this point, there is no interruption to our service.

No comments:

Post a Comment

Note: only a member of this blog may post a comment.