There has been quite a lot of buzz in the past 48 hours around the Heartbleed Bug (CVE-2014-0160) - we have fixed and patched the vulnerability on Fleep servers and new SSL keys have been deployed. All is safe and sound again in the Fleep world.
For those that are not aware of the issue or are wondering why they should care about it, here’s a quick summary from the Heartbleed Bug website:
“The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
It allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content.”
This is a delicate issue, we take the security and privacy of our customer data very seriously and continue to keep an eye on vulnerabilities and security alerts in the future as well.
In the meantime, even though we have no evidence that any Fleep users’ credentials were compromised we recommend, due to the severe nature of the bug, that you change your Fleep password.
You can find out more information about the Heartbleed Bug website. If you have any further questions, don’t hesitate to ping us through Fleep Support, our social channels (Twitter, Facebook) or firstname.lastname@example.org.