, , , , , , , , , , , ,

The “Heartbleed” security flaw: What Intermedia customers need to know

You may have heard about “Heartbleed”, a major security bug that’s currently being widely covered in the news.

As Intermedia’s VP of Privacy and Security, I want to take a moment to explain a little more about what Heartbleed is and how you can protect yourself.

Most importantly, I want to assure you that Intermedia has already taken measures to assure that this bug does not impact our services.

What is Heartbleed?

Heartbleed impacts OpenSSL, the cryptographic software library that enables a kind of encryption called SSL (Secure Sockets Layer). This encryption is what governs secure communications between your computer and the servers on the Internet.

Heartbleed is the name for a vulnerability that was discovered within several versions of OpenSSL. Computer security experts have begun advising the administrators who manage servers to patch this flaw, which is why you’re seeing it in the news.

How does it affect Intermedia services?

Intermedia does not broadly use OpenSSL in the majority of our infrastructure and supporting services.

In fact, only a small minority of our services were in need of attention. For those, Intermedia has already completed the recommended security patches to fix the vulnerability. We are reissuing and reinstalling the SSL certificates for these services.

Not vulnerable Patched (no longer vulnerable)
HostPilot POP/IMAP for our web hosting customers only
Hosted Exchange AppID
Hosted PBX SecuriSync
SharePoint
Lync
Email Archiving
McAfee Email Protection
UserPilot
All other services

What’s more, we’ve also created perimeter defense signatures to block any attacks that might be directed at this vulnerability.

There is currently no evidence that any Intermedia system was comprised or that any customer data has been impacted.

What can you do to protect yourself?

Heartbleed does not impact your computer. Rather, it impacts the servers that deliver information to your computer.

Because this bug can potentially affect ANY internet service, we encourage all our users to update their passwords for any service. You shouldn’t do this right now, because the vulnerabilities might not have been patched—instead, you should wait a few days or do so once your provider confirms that they’ve issued a fix.

This applies not just for Intermedia services, but your bank, Gmail, Facebook, and any other online services you use. Here’s our guidance on creating a strong password.

(The small number of Intermedia users who are affected will receive confirmation via email soon, once the SSL certificates have been reissued and reinstalled.)

In summary: you can rest assured that Intermedia has mitigated any impact that Heartbleed might have had on our services.

We’d be happy to answer any questions you might have. Feel free to contact Intermedia support at any time.

UPDATE 4/10
Intermedia has completed reissuing and reinstalling the SSL certificates for our small number of affected services. Users of these services (see the table above) should now change their passwords for extra precaution.

 

Like this resource? See more like it in our Resource Center

About Ryan Barrett

Ryan is Intermedia's Vice President for Security and Privacy.