Security Update regarding “Heartbleed” and SignChannel
As you may know, earlier this month a significant Internet security flaw, CVE-2014-0160, nicknamed “Heartbleed” was discovered in a widely used software component known as OpenSSL. We’d like to share with you the status of SignChannel, and what steps you should consider taking.
We have reviewed our infrastructure and we have determined that the SignChannel.com web site was using the vulnerable version of OpenSSL. On April 13th, we updated the web site to mitigate the vulnerability, and a fresh SSL certificate is now in place.
The nature of the Heartbleed problem means we have no way of knowing if that formerly-vulnerable server was probed by malicious actors. We have no information that any data was compromised. Nonetheless, we recommend that our customers change the passwords they use for the SignChannel.com service.
If you have any questions, please contact us at firstname.lastname@example.org.
For information on how Heartbleed affects Scala’s other products, please see the Important Security Update from Scala regarding “Heartbleed” web page.
The SignChannel team