Security Alert: The Heartbleed Bug

On Monday night our staff was informed of a newly discovered security vulnerability (CVE-2014-0160) to OpenSSL’s implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server. Learn more about “The Heartbleed Bug.”

Impact:

We have no reason to believe our systems were compromised, however, we cannot be sure as this bug leaves no trace of infiltration.

Actions we’ve taken:

Our staff at Telemetry implemented a patch to eliminate the security vulnerability the same night we learned of the vulnerability (April 7, 2014).

Actions you should take:

As a security measure, we recommend ALL of our users to change their passwords immediately.