Security update – Heartbleed Announcement

Posted on April 11, 2014 by

On 04/07/2014 the National Vulnerability Database announced a serious vulnerability, known as ‘Heartbleed’, that was discovered in OpenSSL. The vulnerability threatens the security of websites across the Internet by allowing remote attackers to covertly acquire sensitive information, including passwords, and gain access to corresponding accounts.

Heartbleed

Flowroute is now Heartbleed-proof.

As soon as the Heartbleed vulnerability was announced, we performed a risk-assessment and upgraded all services that were potentially at risk. No evidence was found that Flowroute systems have been compromised in any way, but out of an abundance of caution, we recommend that all users change their account login and SIP credentials passwords.

How can you further protect yourself?

It is recommended you reset your passwords on any affected, or potentially affected sites. You can test the vulnerability of specific web properties using this tool.

To protect any services you have hosting SSL from risks associated with Heartbleed, upgrade to OpenSSL 1.0.1g. If you are not able to immediately upgrade, recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

For a more detailed analysis of Heartbleed, visit Heartbleed.com.

To make sure your new passwords are secure, read up on password best practices.

If you have any questions about Heartbleed, your risk, or our resolution, please contact support@flowroute.com.