The security team at Skycore has been working to assess the impact for our customers following April 7th’s disclosure of CVE-2014-0160, also known as Heartbleed. This is a critical vulnerability in OpenSSL which can compromise the secret keys used for SSL encryption.
We have not discovered any intrusions or unauthorized use of our systems but it is important to ensure that the vulnerabilities are patched in a timely manner.
We have performed the following updates to our systems and procedures on the following dates:
* We have patched all OpenSSL libraries on all servers April 8th
* Skycore leverages Amazon Elastic Load Balancing infrastructure. This was patched by Amazon on April 8th
* We have reissued all internal SSH keys April 8th and renewed SSL Certificates April 11th
We recommend our API customers review the security of their own servers to ensure they are not vulnterable:
* Refresh API Keys if applicable
* Verify that any of your public and private SSL endpoints are not still vulnerable
Further background on the Heartbleed vulnerability: http://heartbleed.com/
To confirm our Heartbleed status visit: http://filippo.io/Heartbleed/#skycore.com
We hope this answers your questions about the impact of CVE-2014-0160. If you have any follow up questions, don’t hesitate to ask at firstname.lastname@example.org
All the best,
The Skycore Team