As widely reported, a vulnerability in OpenSSL known as the HeartBleed CVE has taken the Internet by storm, and it could allow attackers access to personal data. At Loggly, we went to work immediately after the original announcement. We have now completed the remediation for this vulnerability as per the HeartBleed bug website.
Here are the steps that Loggly has undertaken and completed:
- Updated our OpenSSL libraries to use the latest vulnerability-free versions
- Recompiled relevant code to put these changes into effect
- Validated all changes through extensive QA as well as several CVE Vulnerability Assessment tools
- Changed all Loggly passwords
- Renewed all our SSL certificates with new private keys
We have no evidence suggesting that any Loggly data or credentials were compromised. Throughout the time of our investigation and remediation, we have maintained service levels and normal operations.
Out of an abundance of caution, it is considered a best practice to change all your Internet website passwords. We recommend that all Loggly customers and trial users take this step.
Everyone on my team understands how important our service is to our net-centric customers’ operations. We know that issues like HeartBleed will continue to appear, and we are always working to be ready for them while maintaining fast, scalable, and reliable log management for our customers.