Heartbleed Update
dimanche 13 avril 2014 à 10:54 CAFAI, le 13/04/2014 à 10:54
Today, we provided more information to our customers around the research we've done into the Heartbleed vulnerability. As our analysis may inform the research efforts of the industry at large, we are providing it here.
Summary: Akamai patched the announced Heartbleed vulnerability prior to its public announcement. We, like all users of OpenSSL, could have exposed passwords or session cookies transiting our network from August 2012 through 4 April 2014. Our custom memory allocator protected against nearly every circumstance by which Heartbleed could have leaked SSL keys. There is one very narrow window through which 4 Akamai server clusters had a vulnerable release for 9 days in March 2013. For the small number of customers potentially affected, we are pro-actively rotating certificates.
(Permalink)
Today, we provided more information to our customers around the research we've done into the Heartbleed vulnerability. As our analysis may inform the research efforts of the industry at large, we are providing it here.
Summary: Akamai patched the announced Heartbleed vulnerability prior to its public announcement. We, like all users of OpenSSL, could have exposed passwords or session cookies transiting our network from August 2012 through 4 April 2014. Our custom memory allocator protected against nearly every circumstance by which Heartbleed could have leaked SSL keys. There is one very narrow window through which 4 Akamai server clusters had a vulnerable release for 9 days in March 2013. For the small number of customers potentially affected, we are pro-actively rotating certificates.
(Permalink)