Post
Follow
Security Update: "Heartbleed Bug" Vulnerability Addressed - No Attacks Detected
|
The Heartbleed Bug
| 
|
Summary: Heartbleed Vulnerability Closed, No Attacks Detected
At 1-800 Notify we take any potential security threat very seriously and are updating you on this recent vulnerability that was discovered and subsequently closed rapidly by our security team. We are pleased to say that in our analysis of the security logs, we have not found any evidence that the vulnerability has resulted any any attacks or loss of any of our customer's private information.
What Is Heartbleed?
There was a vulnerability recently discovered to the industry-standard OpenSSL security system that is currently used by 1,000's of web sites around the world - banks, e-commerce sites, government sites, and many more - including 1-800 Notify. The bug that affects the OpenSSL Heartbeat Extension could allow an attacker to see private information (usernames, passwords, other information). This is commonly referred to as the "Heartbleed" Bug.
What We Have Done
- We have analyzed the 1-800 Notify Server environment and applied all necessary security updates and patches to our system to address this vulnerability.
- We have updated our SSL (security) key to eliminate the vulnerability.
- We have analyzed our log files and have not found any indication that we have suffered an attack using this vulnerability.
What You Can Do
While it is not required, you can enhance your own security by changing your password frequently (e.g. every 90 days).
How Can You Change Your Password
We provide detailed instructions in this related article that shows how to change your password (and username or other information):
Sources of More Information about Heartbleed:
Homeland Security/Software Engineering Institute: http://www.kb.cert.org/vuls/id/720951
Heartbleed Information Site: http://heartbleed.com/
OpenSSL Security Advisory: https://www.openssl.org/news/secadv_20140407.txt
Please sign in to leave a comment.