You may have heard about the recent security vulnerability known as “Heartbleed.” Researchers have discovered a vulnerability in OpenSSL (a cryptographic software library that protects many services on the Internet) that allows unauthorized access to protected information. Skytap has investigated this issue and determined that our websites, particularly https://cloud.skytap.com, and other publicly exposed services are not vulnerable to the Heartbleed bug. Private, internal-only services are also being validated and patched if vulnerable. To protect indirect loss of information, Skytap has also ensured that our own external service providers do not have this vulnerability.
This issue may affect our customers through virtual machines running within Skytap that are externally exposed. By default, all Skytap environments are isolated both from other environments running within Skytap and from the Internet. If you have chosen to expose your networks to the Internet via public IPs or published services, we strongly recommend that you check and update guest operating systems and installed software applications. We also recommend that you check and update client tools used to communicate with your resources in Skytap or other providers.
Additional information about Heartbleed can be found here, and the following site contains a list of vendors and their current status in relation to this vulnerability: http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=720951&SearchOrder=4
If you have further questions about the Heartbleed bug or Skytap’s response, please contact us.
Thanks!
The Skytap Team
