By now, many of you have likely heard of the so-called “Heartbleed” bug in the popular OpenSSL encryption library. Essentially, this vulnerability allows an attacker (either a malicious client – web browser or other local application – accessing a server or a malicious server communicating with a client) to read a small segment of memory on the afflicted machine. This memory may contain sensitive information or it may contain nothing of much use to anyone.
While the vulnerability was apparently in the code for some time, it did not become common knowledge until earlier this month. You should know that we immediately took steps to correct our affected systems, and have continued our analysis of the situation to ensure that all of our publicly-accessible (and publicly-accessing) systems are secure.
We invite you to test our security rating on the well-respected Qualsys SSL Labs site.
We want you to know that we take the privacy and security of your information very seriously, and will continue to monitor and make every effort to maintain the integrity of our systems.