Heartbleed Vulnerability Updates

Heartbleed Vulnerability Updates

While we’re sure you’re probably getting a lot of emails in response to the recent OpenSSL vulnerability (CVE-2014-0160) nicknamed Heartbleed (http://heartbleed.com), we wanted to quickly update you on your Webinars OnAir account.

The OpenSSL issue has affected a majority of services and sites across the web. Some of those sites include Google.com (and Gmail), Facebook.com, Pinterest.com, Yahoo.com, Youtube.com, and many more. Most of these were fixed within 24 hours of the security announcement.

Within hours of the notice, we looked into whether or not your account with us may be vulnerable due to our use of OpenSSL. We found that our load balancers were using a vulnerable version of the OpenSSL package. And, along with the most trusted sites in the world, within 24 hours our load balancers were updated with a safe version of the OpenSSL package.

As an added precaution, we have rotated our SSL certificates to ensure secure communications. We are not aware of any attacks against us which exploited this bug but we continue to investigate and perform ongoing security checks while monitoring the situation should any new information regarding the heartbleed bug become public.

Here’s what you need to do right now…

Most major sites have already installed security patches, but if your data has already been stolen, it may be too late.

So the first step is to change passwords on all the sites that you use, including your Webinars OnAir account. If you want a list of sites that use OpenSSL, you can find lists on the internet.

Rather than give you a specific list here, it’s probably wisest to just change all your passwords, just to be safe. Because if you’re like most people, you have one password (or variation) that you use for all your sites.

Moving forward, you may want to consider using a digital password vault like https://lastpass.com to safely store and auto-fill your passwords. As an added benefit, LastPass has added a scan for Heartbleed so you know which sites that were affected and when to change your password.

We continue to take system security seriously. If you have any questions or concerns, please feel free to contact support at support@webinarsonair.com.

For more information about the Heartbleed bug that affected nearly 2/3′s of all websites, you can read all about it on the Heartbleed website here: http://heartbleed.com

Write a Reply or Comment