Monthly Archives: April 2014

Patched: OpenSSL Heartbleed Vulnerability CVE-2014-0160

This morning we deployed an update to the OpenSSL software packages on our shared and customer servers to address a critical vulnerability. The vulnerability, dubbed “Heartbleed”, is the result of improper data validation (a missing bounds check) within the “heartbeat” feature of the OpenSSL TLS implementation.

Because of this vulnerability, a portion of active memory can be disclosed to connecting clients, which can leak sensitive information. Ultimately, this may lead to the disclosure of transaction or customer-identifiable information, which undermines the very purpose of SSL implementations for our customers and the Internet community at large.

Although we make every effort to schedule updates and maintenance, the critical nature of this vulnerability prompted immediate action. We’re working hard to protect our customers and want to thank you for your understanding.

What is the status of my SSL certificates?
Our position is that regenerating/reissuing SSL certificates is not …