RE: SECURITY ADVISORY - Heartbleed Security Vulnerability (OpenSSL)
A major new security vulnerability has been disclosed. The flaw, nicknamed “Heartbleed,” is contained in several versions of OpenSSL, a cryptographic library that enables SSL (Secure Sockets Layer) or TLS (Transport Security Layer) encryption. Most websites use either SSL or TLS, which is indicated in browsers with a padlock symbol. (This does not necessarily mean they are using OpenSSL.)
CNS does not utilize openSSL for any back-end services and so CNS services are not vunlerable to the Heartbleed flaw. However, subscribers utilizing open SSL (including stunnel) in their hosted VM's should patch the software immediately and reissue the certificates.
You will no doubt be receiving multiple messages regarding this issue from different sources. Each will probably advise you to change all of your online passwords. We agree - it is prudent to change your online passwords - but only after receiving confirmation from the service that their systems have been updated. Otherwise, you will simply be changing passwords on a still vulnerable system. One of the best ways to keep your CNS account and services secured is by utilizing our free two-factor authentication.
Please do not hesitate to contact CNS Support if you have any questions or require assistance.
More Information: Heartbleed Bug Exposes Passwords, Web Site Encryption Keys
|