Response to Heartbleed Security Threat

Earlier this week, a security vulnerability known as Heartbleed was announced. This was an important event because Open SSL, the underlying library in question, powers security and encryption for approximately two-thirds of the internet including sites like your bank.

heartbleedFirst and foremost, we have no evidence that leads us to believe this vulnerability was used to access Edthena data or Edthena servers.

Because Edthena focuses on maintaining a high level of security for our users, this was a major development that demanded quick action. This is how we responded:

  • Within an hour of the security patch being released, we successfully updated and restarted our servers. This means that we were no longer vulnerable to the security exploit.
  • Within 18 hours, we revoked our existing cryptographic keys and completed the necessary steps to generate and implement new keys for accessing our data.

In short, while Heartbleed presented a potential threat to our data, we acted immediately to deploy a fix and restore the highest level of security to our systems and for our users.

Essentially every site needs to take steps to upgrade security measures, and they’ll need to communicate those upgrades to users like we’ve done here.

You can test any site for whether they’ve installed the updates by visiting http://filippo.io/Heartbleed

Image from Heartbleed.com

Get new posts via email

No spam. Ever. We promise.