Security Alert – Heartbleed Bug: Proactive security updates may impact some policyIQ users

Most internet users are probably already aware that a new security vulnerability discovered yesterday, the “Heartbleed Bug”, has widespread security implications across all secure internet sites.  Amazon Web Services, the datacenter on which policyIQ applications are hosted, has already patched all necessary servers to eliminate this vulnerability.  While there is absolutely no indication that any policyIQ secured sites have been impacted, our technicians have taken the additional proactive step of replacing all SSL certificates associated with policyIQ applications.

SSL certificates have an associated date and time from which they are valid, which is not standardized across all time zones.  In a typical situation, certificates would be replaced and run in tandem with the older certificates until all time zones are fully “caught up” with the certificate.  However, we have decided that in light of the significance of this issue, we are making a clean break with our new certificates replacing the old.

Users in Central, Mountain, Western and the Hawaii-Aleutian time zones may see an SSL security certificate error for several hours this morning.  Please be assured that the certificates are valid, but your computer’s time clock may not yet match the certificate’s valid start date and time.  (Users in time zones ahead of the US Eastern Time zone will have no such errors.)

We apologize for the inconvenience, but do believe that this security update warrants immediate action.  Again, we do want to stress that there is no indication or reason to believe that any policyIQ certificates have been compromised.  This is a proactive response to further harden our environment from any security vulnerabilities.  Please contact us if you have any questions.

This entry was posted in Customer Relations, Industry News by Chris Burd. Bookmark the permalink.

About Chris Burd

Chris is the Managing Director of the policyIQ group at RGP. She gets geeky about compliance and technology, and gets to spend every day working at the crossroads of the two. With policyIQ since 2005, Chris has worked with hundreds of policyIQ clients to implement technology and enhance their internal compliance environment. In the past few years, she's focused on enhancing policyIQ's offering as a Conflict Minerals and Anti-Corruption tool. In past lives, Chris worked as a system implementation consultant, a e-commerce specialist, a customer service call center manager, and - for one short but memorable summer during high school - a machine operator on midnight shift in a plastics factory. In her free time, she spoils her nieces, volunteers at her local food bank, and spends more time than she should taking photos of her cats. She would like to be a rock star when she grows up.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s