A Major Vulnerability, nicknamed the “Heartbleed Bug” by security experts, has been identified. It is especially severe because it allows anyone on the Internet access to your encrypted data sent using SSL/TLS and HTTPS technologies. This compromises the secret keys used to encrypt the traffic, the names and passwords of the users and the actual content. It allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users. You can find out more details of this vulnerability here: http://heartbleed.com
To determine if your server is vulnerable, you will need to check what version of OpenSSL is installed on your server. All OpenSSL versions 1.01 through 1.0.1f are vulnerable, but the following versions are already secure (and no further action would be required):
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
If your server is vulnerable, in order to fix this vulnerability, you will need to both (a) Upgrade your version of OpenSSL; and (b) Completely re-issue and re-install all your SSL certificate(s).
All Pantek Support Engineers have been advised of this issue, and trained in the appropriate response procedure. If you would like our assistance to determine if your server(s) are indeed vulnerable, or to fix the vulnerability, please contact our support team using any of the normal methods. For fastest response, we recommend opening a Support Ticket via the Pantek Portal: https://portal.pantek.com
Typically, our team can determine if your server is vulnerable with a time expenditure of 15 minutes. Vulnerable servers can typically be patched and SSL certificates replaced with an additional 30-45 minute time expenditure.
Pantek Clients who have purchased a Managed Service Plan (Standard, Premium, or Platinum) will receive a separate notification, as management of these third-party security issues occurs without extra charges. You can find more details on our Managed Service Plans here:
Thank you for your attention to this critical security issue.