At Alpha Six, we live and breathe by the security of the applications that our customers have entrusted to us. Since the news of the HTTPS Heartbleed vulnerability broke, we have been working diligently to eliminate risk from this threat.
If this is the first time you’re hearing from Alpha Six about Heartbleed, it’s because your system was not identified as “at-risk.” However we do want to inform you of the steps that Alpha Six security experts have taken to safeguard all of the data in our network:
- We completed a full network scan to identify any servers at risk due to the OpenSSL vulnerability (CVE-2014-0160)
- We completed patching of any internal infrastructure identified as at-risk
- For customers with identified at-risk systems, we sent a communication to inform them of the risk and offered to assist with the following recommended actions:
- Patching of at-risk systems
- Reissuing and provisioning of new SSL certificates
- Finally, we determined to include the Heartbleed vulnerability resolution patch in April’s monthly patching routines to ensure any remaining at-risk systems are addressed.
The Alpha Six Security Squad
Wednesday, April 16, 2014