Heartbleed [URGENT – IMPORTANT]
We take security and privacy very seriously at Exploration.The servers where our clients’ data is stored are not affected by the Heartbleed bug that was discovered on Tuesday, 4/7/2014.
Heartbleed is a catastrophic bug in OpenSSL http://heartbleed.com/
“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.”
More commentary (mostly in layman’s terms) can be found in this article http://arstechnica.com/security/2014/04/critical-crypto-bug-exposes-yahoo-mail-passwords-russian-roulette-style/
“Underscoring the urgency of the problem, a conservatively estimated two-thirds of the Internet’s Web servers use OpenSSL to cryptographically prove their legitimacy and to protect passwords and other sensitive data from eavesdropping. Many more e-mail servers and end-user computers rely on OpenSSL to encrypt passwords, e-mail, instant messages, and other sensitive data. OpenSSL developers have released version 1.0.1g that readers should install immediately on any vulnerable machines they maintain. But given the stakes and the time it takes to update millions of servers, the risks remain high.”
Summary: This critical bug affects in excess of an estimated 2/3 of the internet’s web servers. Unless your IT team has updated all servers accessible to the internet within the last 48 hours, it should be a top priority regarding all sensitive data including email, chat, media assets, and accounting.
Stay close, Aaron