News and Events
Smarthub and Heartbleed - Important Info
April 14, 2014
A bug in OpenSSL, a cryptographic library that is used to secure a very large percentage (up to 2/3) of the Internet’s communications, was publicly disclosed on April 7th. This bug has been nicknamed “Heartbleed” and affects the integrity of the encryption channels used to secure websites, instant messaging and email accounts. At the time this explanation was written (April 14th), there have yet to be any publicly known malicious exploits.
Affected users have and will continue to patch vulnerable versions of their OpenSSL implementations. Once the library bug has been patched, users are also replacing their SSL certificates as they may have been compromised over the course of the past two years (believed to be the period that this bug has existed).
Miami-Cass REMC’s SmartHub website was running a version of OpenSSL affected by this bug. The OpenSSL library was patched on April 8th and the SSL certificate was replaced April 9th. At this writing, there has been no evidence of any SmartHub server compromise.
Most OpenSSL users are recommending that end customers consider changing their passwords once the SSL certificates have been replaced on affected servers. This is due to the fact that if an attacker was able to intercept SSL/TLS communication, they may have intercepted username/password combinations for anyone using the affected servers.
Based on the information presented in this notice, as a SmartHub customer, you may decide to change your password. If so, log into https://mcremc.smarthub.coop , navigate to “My Profile” and make the change.
Please contact the REMC office if you have any questions regarding Heartbleed and/or SmartHub.