Heartbleed Bug

At Reid Business Services we take security seriously. We have thoroughly investigated the implications of the Heartbleed Bug for our clients and services and have verified that we are minimally affected:

  • Websites: Our web hosting servers were not vulnerable at any time.
  • Domains: Our domain registrar’s system is not vulnerable.
  • SSL Certificates: None of the secure servers that we currently maintain for our clients were vulnerable, so their secret keys remain uncompromised.
  • Internal Tools: None of the internal tools and services that we currently utilize are vulnerable.
  • Email: Only one outbound mail server, with one host, was vulnerable; it was patched on Tuesday night and new SSL certificates were issued. Our primary email server was not vulnerable, but new SSL certificates have been issued as part of a blanket implementation.

So what does this mean for our clients? 

  • Some users may be prompted to accept a new SSL certificate in their email clients. This is expected and is not a cause for concern; it is a reassurance that our service providers are on top of the situation.
  • Clients using the mail service that had the one vulnerable outbound server will be contacted individually with additional details and procedures for changing their email passwords.

In summary, we have no reason to believe that any of our systems were compromised, but due diligence and “an abundance of caution” dictate that we recommend that users of the one system that could theoretically have been compromised change their email passwords.

We feel it is important to keep you informed on these issues and welcome any additional questions or concerns you may have regarding the services we provide.

References:
http://www.openssl.org/news/secadv_20140407.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://heartbleed.com

Brian - Brian is the technical lead for Reid Business Services.
