Heartbleed Security Update
09 Apr 2014
On Monday, April 7th, a major internet-wide security vulnerability named “Heartbleed” was announced. This bug affects OpenSSL, a common library used to encrypt internet traffic, and allows an attacker to silently siphon random pieces of information from a web server’s memory, which could contain private and sensitive information. This bug has existed on many websites for the past 2 years.
What is Ribbon doing?
Our servers were patched on Monday, so we are no longer vulnerable to the Heartbleed attack. We also reissued our SSL certificate on Monday in case our private key was compromised. This means all traffic and information sent to Ribbon is now safe and secured from Heartbleed.
What should I do?
Currently, we have no indication that any Ribbon user information has been compromised. However, when it comes to security, we believe it’s best to play it safe. We recommend changing your password in the chance that an attacker was able to siphon it from our server’s memory. You can do so in your settings page.
If you use the same set of passwords across the web, it’s advisable that you change these because they could have been compromised on any of the various websites that you visit.
The Ribbon Team