Heartbleed

On Monday, April 7th, a major bug in the popular SSL library OpenSSL, generally known as Heartbleed, was announced. The vulnerability, in a nutshell:

Without using any privileged information, authentication codes or credentials we were able to steal the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.

Kindling uses OpenSSL on our servers for HTTPS connections, and as soon as the vulnerability was announced, we began working to mitigate our exposure by upgrading our versions of the affected libraries and invalidating any secure keys that might have been leaked. Our hosting provider, Amazon Web Services, also quickly moved to prevent exploitation of the vulnerability within their infrastructure.