Impact Media Solutions is aware of the vulnerability called “Heartbleed”, which is a security risk for users of OpenSSL, a widely-used opensource cryptographic software library. It can allow attackers to read the memory of the systems using vulnerable versions of OpenSSL library (1.0.1 through 1.0.1f). This may disclose the secret keys of vulnerable servers, which allows attackers to decrypt and eavesdrop on SSL encrypted communications and impersonate service providers. In addition, other data in memory may be disclosed, which could include usernames and passwords of users or other data stored in server memory.
Impact Media Solutions does however recommend that you change any passwords on websites that contain sensitive data frequently, and now would be a great time to do just that to be sure that you are protected.
To be clear, this is a vulnerability of the OpenSSL library, and not a flaw with SSL/TLS. At no time were Impact Media’s SSL Certificates at risk. If you have any questions or would like to learn more about this vulnerability please call our office or contact us through our website and we will be happy to explain this further.
