Heartbleed (CVE-2014-0160) has been top of mind, conversation and action for everyone of late. We want to provide you with a detailed update about our work to address this issue.
First, and most importantly, the edge servers that deliver content to users were not affected. This means all requests to the CacheFly CDN were (and remain) 100% protected by SSL.
Second, the CacheFly customer portal was running an affected version of OpenSSL. This was patched within the first 6 hours of the vulnerability being announced, and SSL keys were rotated.
While we have no specific information that suggests any customer accounts were compromised, we recommend all customers update their portal passwords as a precaution (and recommend you do the same for all other SSL-protected websites). You can update your password here:
We strongly encourage the following additional steps for all customers:
– Test all services which use SSL encryption, such as web services using HTTPS, SSL VPNs, load balancers, etc. for this vulnerability. Remember that hardware appliances can also be susceptible.
– Once all services are patched, perform password rotations for anything which may have authenticated to OR through the affected systems.
– Revoke and roll out new SSL certificates for services that may have been exposed.
We encourage all of our customers to perform additional reviews of their internal and external services and confirm they are secure against this vulnerability.
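As a first pass for the testing step above, this added example (not CacheFly's code) triages collected `openssl version -a` output by upstream release: 1.0.1 through 1.0.1f and the first 1.0.2 betas shipped the vulnerable heartbeat code, and 1.0.1g fixed it. The host labels and version strings are constructed samples, and because distributions backported the fix without changing the version letter, a match means the service still needs a live test, not that it is confirmed vulnerable.

```python
import re

# Upstream releases that shipped the vulnerable heartbeat code (CVE-2014-0160):
# 1.0.1 through 1.0.1f, plus 1.0.2-beta and 1.0.2-beta1. Fixed in 1.0.1g.
VERSION_RE = re.compile(r"OpenSSL\s+(\d+\.\d+\.\d+)([a-z]?)(?:-(beta\d*))?")


def triage(version_output):
    """Classify the text printed by `openssl version -a` for one host."""
    m = VERSION_RE.search(version_output)
    if m is None:
        return "unknown"            # not OpenSSL, or an unparseable banner
    base, letter, beta = m.groups()
    if base == "1.0.1":
        in_range = letter <= "f"    # "" (plain 1.0.1) through "f"
    elif base == "1.0.2":
        in_range = beta in ("beta", "beta1")
    else:
        in_range = False            # 0.9.8 / 1.0.0 never had the heartbeat code
    if not in_range:
        return "not-affected"
    # Builds compiled with this flag have the heartbeat extension removed.
    if "-DOPENSSL_NO_HEARTBEATS" in version_output:
        return "heartbeat-disabled"
    # Distro packages may carry a backported fix under an old version letter,
    # so this is a prompt to test the live service, not a verdict.
    return "needs-test"


# Constructed inventory: host label -> captured `openssl version -a` text.
SAMPLE_INVENTORY = {
    "portal-01": "OpenSSL 1.0.1e 11 Feb 2013\nbuilt on: Mon Jan  6 2014\n",
    "vpn-gw": "OpenSSL 1.0.1c 10 May 2012\ncompiler: gcc -DOPENSSL_NO_HEARTBEATS -O2\n",
    "legacy-app": "OpenSSL 0.9.8y 5 Feb 2013\n",
    "lb-02": "OpenSSL 1.0.1g 7 Apr 2014\n",
    "lab-01": "OpenSSL 1.0.2-beta1 24 Feb 2014\n",
}


def report(inventory):
    """Return {host: status} for every host in the inventory."""
    return {host: triage(text) for host, text in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(report(SAMPLE_INVENTORY).items()):
        print(f"{host:10s} {status}")
```

Hosts reported as `needs-test` or `unknown` are the ones to check against the running service; statically linked binaries and appliances will not show up in a package-level inventory at all.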
For more information about Heartbleed please visit http://www.heartbleed.com. If you would like to test your devices or sites, a good test for Heartbleed can be found at http://filippo.io/Heartbleed/.
Again, if you have any questions or if we can be of assistance, please do not hesitate to contact us at your convenience.