Responding to CVE-2014-0160 (Heartbleed)

Incident Report for AgileMD

Resolved

This incident has been resolved.
Posted Apr 09, 2014 - 01:07 PDT

Monitoring

We've deployed various countermeasures for CVE-2014-0160 (a.k.a. the Heartbleed bug) and are monitoring our platform for any unusual activity. All services have been fully restored.
Posted Apr 08, 2014 - 22:32 PDT

Identified

In response to CVE-2014-0160 (a.k.a. the Heartbleed bug) we are rotating all keys and tokens used throughout our architecture, starting with SSL. Generally speaking, members will not observe any disruption to service except for those purchasing new content in the AgileMD Library. Until further notice, all paid transactions have been suspended.

For additional information about CVE-2014-0160 see http://aws.amazon.com/security/security-bulletins/aws-services-updated-to-address-openssl-vulnerability and http://heartbleed.com
Posted Apr 08, 2014 - 12:43 PDT