Update: We have received feedback from some of our community members pointing out the fact that many Web browsers do not have the validity checks for SSL certificates fully enabled by default. In light of the recent Heartbleed OpenSSL vulnerability, it is highly recommended to turn on these checks (CRL / OCSP) - so browsers automatically check if SSL certificates are still valid or have been revoked.

Thanks,
Oliver


On Fri, Apr 11, 2014 at 8:04 PM, Oliver Maerz <oliver@kantarainitiative.org> wrote:
Just a quick update about the Heartbleed Bug issue: Because of this OpenSSL vulnerability (CVE-2014-0160) it was theoretically possible for an attacker to recover our servers' private keys. As a precaution we have revoked all old SSL keys/certificates on our servers and have reissued and installed new SSL certificates.

Thanks,
Oliver


On Thu, Apr 10, 2014 at 11:54 PM, Oliver Maerz <oliver@kantarainitiative.org> wrote:
Information has been released about a new OpenSSL vulnerability (CVE-2014-0160) and we were using an affected version of OpenSSL until today - April 10, 2014, 10 AM PT.  We have updated our servers now to the latest version of OpenSSL that includes a patch for the vulnerability. 

We recommend changing your account password now if you have an account on the Kantara Initiative IdP (for example, if you log in to the Kantara Initiative wiki using the selection "Kantara Initiative IdP ..."). To change your password please go to: https://idp.kantarainitiative.org/myaccount.php

If you have any questions about this incident, please do not hesitate to contact us at staff@kantarainitiative.org

Thanks,
Oliver

--
Oliver Maerz
External Consultant

Kantara Initiative  


The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. No representation is made on its accuracy or completeness of the information contained in this electronic message. Certain assumptions may have been made in the preparation of this material as at this date, and are subject to change without notice. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this e-mail and any attachment(s) is strictly prohibited. Please reply to Oliver Maerz and destroy all copies of this message and any attachments from your system.










--
Oliver Maerz
External Consultant

Kantara Initiative  
+1 (503) 468-4188
oliver (at) kantarainitiative.org
http://www.kantarainitiative.org

