Heartbleed - SSL Security Update
You may have heard about “Heartbleed", the recent security issue facing a large portion of the Internet. We just wanted to let everyone know that upon learning about the issue, we took immediate action to patch all Logic Media servers, rotate passwords, and re-key SSL certificates.
In short, Heartbleed is a vulnerability in the popular OpenSSL software package, which powers SSL (the “S" in “https") and encrypts web traffic such as passwords and credit card numbers. OpenSSL runs on around two thirds of web servers worldwide, and the bug has been present, but undetected, for about two years.
This is a very serious vulnerability, and allowed a malicious user to craft a special query that could be used to pull segments of the server's memory back to the attacker, potentially containing email addresses, passwords, credit card numbers, or SSL keys. There have been proof-of-concepts created that have succeeded in extracting a server's SSL key, which renders the encryption useless.
Again, all Logic Media servers follow a tight upgrade/patch schedule, are fully patched, and are not vulnerable to the Heartbleed OpenSSL flaw.
We encourage everyone to use this as a reminder to change their passwords on every online service, especially those of a financial nature.