The tech press (and for a time the mainstream press) has been full of news recently about something called “Heartbleed”.
Heartbleed is the name given to a serious flaw detected in OpenSSL, an open-source toolkit used on many thousands of servers across the internet to handle security and encryption. The flaw allows someone acting maliciously to extract information from the server's memory (which would usually be protected) in small chunks. Often this yields mundane and essentially useless information. However, the attack could also extract sensitive data such as usernames and passwords and place them in the hands of the attacker.
So what does this mean for PharmiWeb?
Within 24 hours of the vulnerability being made public, we checked all of our public-facing websites which use SSL encryption; all certificates were found to be secure, and did not require any patching against the new bug. We do not actively use OpenSSL for any of our encryption, so this was to be expected.
However, some big-name global services have been impacted by the vulnerability, so it would be prudent to update your credentials for any affected services that have patched their servers. A full list of those known to have been affected can be found at the following site:
http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/