CacheFly and Heartbleed (CVE-2014-0160)

Post Author:

CacheFly Team

Categories:

Date Posted:

April 11, 2014

Follow Us:

Heartbleed (CVE-2014-0160) has been top of mind, conversation and action for everyone of late. We want to provide you with a detailed update about our work to address this issue.
First, and most importantly, the edge servers that deliver content to users were not affected.  This means all requests to the CacheFly CDN were (and remain) 100% protected by SSL.
Secondly – The CacheFly customer portal was running an affected version of OpenSSL.  This was patched within the first 6 hours of the vulnerability being announced, and SSL keys rotated.
While we have no specific information that suggests any customer accounts were compromised, we recommend all customers update their portal passwords as a precaution (and recommend you do the same for all other SSL-protected websites).  You can update your password here:
https://portal.cachefly.com/portal/password
We strongly encourage the following additional steps for all customers:
– Test all services which use SSL encryption, such as web services using HTTPS, SSL VPNs, load balancers, etc. for this vulnerability. Remember that hardware appliances can also be susceptible.
– Once all services are patched, perform password rotations for anything which may have authenticated to OR through the affected systems.
– Revoke and roll out new SSL certificates for services that may have been exposed.
We encourage all of our customers to perform additional reviews of their internal and external services and confirm they are secure against this vulnerability.
For more information about Heartbleed please visit http://www.heartbleed.com. If you would like to test your devices or sites, a good test for Heartbleed can be found at http://filippo.io/Heartbleed/.
Again, if you have any questions or if we can be of assistance, please do not hesitate to contact us at your convenience.

Product Updates

Explore our latest updates and enhancements for an unmatched CDN experience.

Book a Demo

Discover the CacheFly difference in a brief discussion, getting answers quickly, while also reviewing customization needs and special service requests.

Free Developer Account

Unlock CacheFly’s unparalleled performance, security, and scalability by signing up for a free all-access developer account today.

CacheFly in the News

Learn About

Work at CacheFly

We’re positioned to scale and want to work with people who are excited about making the internet run faster and reach farther. Ready for your next big adventure?