FRII Break Room

Informal tech chatter from the geeks of Northern Colorado’s largest commercially available data center

Home » 2014 » April

PSA: Heartbleed OpenSSL Vulnerability

heartbleed vulnerability icon

The Heartbleed OpenSSL vulnerability should be taken seriously. FixedOpenSSL has been released. Please see heartbleed.org for more information. (image from heartbleed.org)

Warning: OpenSSL vulnerability.

I’ll skip trying to re-explain everything and just link to: http://heartbleed.com/

The short version is that OpenSSL versions in the last ~2 years are vulnerable to having basically any confidential information stolen. Any exploited servers are vulnerable to having previously sniffed traffic decrypted, even after patching out the vulnerability. It is recommended that you regenerate your SSL private keys and certificates, even after patching, and revoke the previous certificates with your certificate authority.

All in all, very bad. Approximately 1/3 of the Internet is effected. FRII is advising all customers to take this extremely seriously (as we are) and take every precaution. FRII has already patched all potentially vulnerable portions of our infrastructure, and any potentially compromised certificates will be revoked and replaced as soon as possible.