Heartbleed Advisory

Dear Client,

As you may have heard, a major security vulnerability, dubbed “Heartbleed,” was recently discovered in OpenSSL. OpenSSL enables SSL and TLS encryption, which secures HTTPS, the secure communications between your computer and the servers on the Internet. It is used by about 2/3 of the web servers in the world. This vulnerability was the result of a programming error (or bug) in several versions of OpenSSL.

Due to the scope of this vulnerability, out of an abundance of caution, we are recommending an email password change for all users as soon as possible.

Details:
At its worst, Heartbleed allowed potential access to a private key for an SSL certificate as well as the encrypted communication itself. This basically means that any individual with the knowledge and skills required to exploit this vulnerability had a window to grab your user names, passwords and any private information you may have accessed with practically any of your online services that utilize the affected versions of the OpenSSL toolkit.

Mitigation:
Upon learning of this vulnerability, our email hosting partner’s engineers took immediate action. After a full system audit, they concluded that no public-facing web servers were exposed. They did, however, find a single SMTP endpoint which was intermittently vulnerable. They immediately removed this server from rotation, applied the proper updates and proceeded to insulate all remaining servers from potential exploitation.

We are confident that these actions eliminate any further vulnerability associated with your Email Services and Heartbleed.

Next Steps:
At this time we have no reason to believe any sensitive user information was accessed; however, out of an abundance of caution, we recommend that all end users change their email passwords at their earliest convenience.
Users can easily update their password using our Webmail application. And remember, it is unsafe to use the same username and password across multiple online services.

Again, out of an abundance of caution due to the sheer scope of this issue, we are recommending a password change for all users as soon as possible.

CaribMedia Support Team
