Heartbleed (CVE-2014-0160) has been at the top of everyone's mind, conversations and actions of late. We want to provide you with a detailed update about our work to address this issue.
As of April 8th, 2014, all ServerCentral services have been patched against the Heartbleed vulnerability. It is safe and secure for users to interact with ServerCentral sites. Affected systems will require a password reset at your next login.
All managed service customers have been contacted about Heartbleed if there was a concern with the vulnerability on services we provide. Please note all of our platforms have updates available for you at this time.
In addition to securing our own services, ServerCentral has performed a basic scan of our customer base to detect anyone who may have vulnerable services. We have been reaching out to these customers to make them aware of this vulnerability and to offer our assistance in fixing the problem.
We strongly encourage the following steps for all customers:
- Test all services that use SSL encryption (web services using HTTPS, SSL VPNs, load balancers, etc.) for this vulnerability. Remember that hardware appliances can also be susceptible.
- Once all services are patched, perform password rotations for anything that may have authenticated to OR through the affected systems.
- Revoke and roll out new SSL certificates for services that may have been exposed.
We encourage all of our customers to perform additional reviews of their internal and external services and confirm they are secure against this vulnerability.
For more information about Heartbleed, please visit http://www.heartbleed.com. If you would like to test your devices or sites, a good test for Heartbleed can be found at http://filippo.io/Heartbleed.
Again, if you have any questions or if we can be of assistance, please do not hesitate to contact us at your convenience.