Imarc

OpenSSL “Heartbleed” vulnerability status

Robert Mohns, UX Researcher
Posted on Apr 11, 2014

This Tuesday, a new OpenSSL security vulnerability was announced (with a fix). We're committed to security, and although we usually don't comment, such a high-profile report as this merits a public note. The short version is, if we host your site, you're safe.

We use OpenSSL for encrypting certain connections to and from the servers that host many of our clients' sites. We immediately checked all our servers. Most of our servers were not running the vulnerable version, so they were never vulnerable to Heartbleed.

Twelve of our clients' sites were running the vulnerable version. While there's no evidence that any of these servers were compromised, we upgraded OpenSSL to the fixed version that day.

Due to the widespread nature of this vulnerability, we recommend changing your passwords across the web. (If you don't use a password manager tool, now's a good time to start. Here's an article by iMarc engineer Dan Collins with some tips on picking a password manager. I'm fond of 1Password, which works on Windows, Mac, Android and iOS.) Update: See the new Password Managers: 2014 Heartbleed Edition.

You can find more info on the vulnerability at http://heartbleed.com/.

If you have any questions for us, please contact us at support@imarc.net.