Heartbleed Bug / Vulnerability
We’ve been receiving a lot of inquiries regarding the Heartbleed Bug, a vulnerability in the popular Open SSL cryptographic software library. Simply put as described at heartbleed.com, “The Heartbleed bug allows anyone on the internet to read the memory of systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”
Because of the significant number of inquiries we’ve received, we thought it prudent to provide our customers (and future customers) an official company post assuring you that our Cloud Load Balancer or any other component of our cloud platform is not vulnerable to this bug. This includes our support portal, cloud management portal and everything else. We do not have OpenSSL version 1.01 through 1.01f inclusive deployed on any public-facing systems.
Here is a handy test tool that you can use. If you are a Load Balancing customer and utilize our SSL_BRIDGE protocol method, which is essentially SSL pass-through (we do not encrypt or decrypt, we just send the traffic along), we encourage you to test your systems to see if they are vulnerable. If they are, please don’t blame us : ) There are some helful strategies at the heartbleed.com link above.
Please rest assured that we continue to take the security of our platform and our customer applications and information very seriously here. If you have any questions or concerns regarding this, please create a support ticket.
The Total Uptime team
Other posts you might like...
SPF Records - creating and testing
As a DNS service provider, we frequently receive requests from customers who need assistance with understanding and creating SPF records. This short article outlines a few helpful steps that will hopefully make life easier for some.read more
The importance of an audit trail – tracking DNS changes
In our most recent cloud platform update, we added a new feature that gives our customers an audit trail of every DNS change that has been made. We’ve appropriately called it the “Change Log”. This long-anticipated feature...read more