Communication on OpenSSL security risk (Heartbleed)

Follow

Created:
Updated:

 

Attention NetDocuments Users

Communication on OpenSSL security risk ( Heartbleed )

 

Update - May 7, 2014

As of this afternoon, all Akamai servers being used for the NetDocuments Service have had their certificates replaced to fix the Heartbleed issue that existed on the Akamai servers.  There are currently no security issues related to Open SSL as it relates to the NetDocuments Service.

 

Update - April 14, 2014

 

We have completed all of the changes that NetDocuments needs to make related to this issue.

 

However, we have been notified by Akamai that they patched the OpenSSL software 10-days ago.  At that time they thought that our certificates did not need to be replaced.  This morning they posted an update on their blog explaining that all certificates need to be replaced.   They have not yet provided a timeline on how quickly this will happen, but we are in contact with their support and will post an update when we have additional information.

 

 Refer to the following links

 

https://blogs.akamai.com/2014/04/heartbleed-update.html

 

https://blogs.akamai.com/2014/04/heartbleed-update-v3.html

 

 

Original Posting by NetDocuments

Recently computer security experts have warned of the existence of a flaw nicknamed “Heartbleed” in the OpenSSL or Transport Security Layer cryptographic software libraries. This flaw has been present universally since December 2011 and has been fixed in OpenSSL 1.0 1g which was released on Monday April 7th, 2014.  Potentially, malicious hackers could exploit such vulnerability and monitor information passed between a user and a Web service.

NetDocuments wishes to inform our users that the NetDocuments US Service does not currently have such exposure, because the particular OpenSSL library is not deployed in our production datacenter. 

The NetDocuments UK Service, however did deploy the OpenSSL libraries.  We have already patched this library and have replaced our SSL certificates world-wide.

NetDocuments Service will continue to monitor and manage our security infrastructure to ensure that all hosted documents and communications are safe.

You may want to consult with your security team as to any steps you should consider related to your implementation of NetDocuments.

 

Alvin Tedjamulia, CTO

NetDocuments

 

 

 

 

 

 

 

Back to Top

Was this article helpful?
0 out of 0 found this helpful

Comments

Have more questions? Submit a request
Powered by Zendesk