Thursday, April 10, 2014

Security Update: Heartbleed

All,

A security bug was recently found in the OpenSSL software library. SpotWalla.com, along with 50%+ of all companies with an Internet presence, relies upon OpenSSL to secure communications with its customers. Once alerted to this issue, the OpenSSL.org folks quickly patched their software and made it generally available to the public.

SpotWalla.com was patched with the latest OpenSSL libraries last night. I don't have any evidence that SpotWalla.com was compromised in any way, but best practices dictate that we generate and install new SSL certificates. We will take this action tonight when activity subsides.

Additionally, I encourage all users to change their password just in case it was compromised. This is especially important if you're using the same password to secure multiple sites. For instance, you're using the same password for SpotWalla.com and online banking.

For more information on the issue refer to...

TechCrunch: Heartbleed

Let me know if you have any questions or concerns. Thanks.

No comments:

Post a Comment