HeartBleed: what is it and does it affect me?

With news announced on Monday about the so-called ‘HeartBleed’ bug, we want to update you on how this bug may affect you and clarify the actions that HMA is taking to protect our clients.

What is HeartBleed?
The HeartBleed bug is a major flaw in a piece of open source software called OpenSSL, the security used by approximately 2/3rds of the internet’s security systems to keep data secure. If you see a little padlock symbol in your browser then it is likely that you are using SSL.

The flaw to the software makes it possible to snoop Internet traffic even if the padlock is closed, revealing the contents of a server’s memory, including private information such as email, user names, passwords, documents and credit card numbers. It remains unclear whether any information has been stolen as a result of HeartBleed, but experts are concerned about it as the flaw went undetected for more than two years.

Who is affected?
HeartBleed has the ability to compromise any applications using open-source server technology.

HMA actions
On Monday 7th April, OpenSSL released an update to address HeartBleed and we have now applied patches to all our open-source servers to cure this issue and re-generated all security keys.

If you have any further questions, please do not hesitate to contact us.