Keeping Clients Protected: Stopping the Heartbleed Bug
Throughout the last few days you’ve undoubtedly heard news about the “Heartbleed Bug”, a major vulnerability in the OpenSSL cryptographic software library. Essentially, the bug enables the theft of information that is normally protected by SSL/TLS encryption. Each SSL or TLS certificate comes with security keys that (if compromised by Heartbleed) weaken the security of communication over the Internet using applications like email, instant messaging, other web-related services.
CloudAccess.net server administrators actively monitor numerous security channels and we became aware of the vulnerability immediately. The bug causing the vulnerability has been around since December of 2011, but was only announced on Tuesday of this week by a team of researchers. Although there are no known real-world exploits of the bug, we have taken every measure to protect our clients, like we always do.
First, we applied the security patch to our entire network as soon as it was made available. We also communicated with our SSL provider who has confirmed that the vulnerability lies within the OpenSSL implementation, and not in certificates provided to us. We’re confident we’ve done everything within our power to protect your data. We’ve had no reported issues from any client on any of our servers. The only other step that can be taken is to re-key your SSL and we will do that for any client upon request.
We want to emphasize that our clients have to take no action unless you’d like us to re-key your SSL certificate. Please submit a support ticket to our Hosting Support department if you’d like us to re-key the SSL for you. We’re more than happy to take this extra measure and we’ll contact you directly when we’re done.
Thank you for choosing CloudAccess.net!
