Heartbleed SSL Bug: Resolved – April 09, 2014

Lime Daley has updated all of our SSL certificates due to the recently discovered bug in the widely used OpenSSL libraries.

The vulnerability affected our email and web services.  Unfortunately, there isn't any way to detect whether an attacker has made any use of this vulnerability or not.  To be safe, you should update any passwords you have.

This vulnerability does not apply to those customers on "orange", as that server was using a version of the software that was not affected by this bug.

Additionally, access via sftp and ssh were also not affected.

Any services not protected by SSL (like web pages that don't have an https:// at the front, but just http://)  are also not affected, because non-ssl services are eavesdroppable by default any way.

For more information, you can read about it at heartbleed.com.  You can also test any services you would like at filippo.io.