In recent days the Heartbleed bug has gained significant media attention.
The bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
What does this mean for our clients and us?
On Tuesday morning we learned about the vulnerability. After an initial analysis we got in contact with our hosting partner Nine.ch and discussed the possible ways to upgrade the faulty OpenSSL component.
We started the mitigation process at 13:54 CET. All systems were patched and tested against the vulnerability by Tuesday 17:41 CET.
All our affected clients were contacted individually by Thursday morning.
As there might be the possibility that the private keys of the used certificates have been compromised, we started to revoke all current certificates and reissue new SSL certificates to ensure the safety of the encryption.