How the Heartbleed Bug Affects Raven Customers


Update Wednesday, April 9, 2014, at 1:19 a.m. CDT (GMT-6): We reset the Raven system, which logged all customers out automatically. We strongly recommend that you change your password before you log in again. This closes the Heartbleed Bug vulnerability for Raven customers. You don’t need to take any further action.

What happened worldwide

A newly identified bug named the Heartbleed Bug has made nearly 70% of all websites on the Internet insecure — over 600 million, to put this in context — including Raven’s online software website.

The Heartbleed Bug makes the secret keys that encrypt your online data vulnerable to theft. An attacker can easily steal your usernames and passwords, instant messages, emails, business documents and communication from servers with this vulnerability.

The Heartbleed Bug has existed since March 14, 2012. Attackers who exploit it leave zero trace. That means that any website owner affected by this bug has no idea what data may have been compromised since then, or if any data was compromised at all. All that they can do is patch the bug immediately, communicate with customers and take measures to reset their systems.

As of right now, we have no evidence that Raven was attacked. But given the seriousness of this, we are being proactive.

Raven software runs on Amazon Web Services servers. We’re working with Amazon right now to apply the patch. Other online software services, such as LastPass and Slack, are doing the same.

Raven is ordering new security certificates for all of our domains, including custom domains used by our customers. You don’t have to do anything.

What’s next, and what you can do

There’s nothing you (or we) can do until Amazon applies the patch for the servers that Raven uses. Here’s what will happen then:

  • After Amazon notifies us that they have applied the patch, we will verify that it’s working correctly.
  • Then we will complete the security certificate renewals.
  • Then we will reset Raven, which will log you out of the system automatically.
  • When you log in again, and from that point forward, your Raven data will be secured from the Heartbleed Bug.

We strongly encourage you to change your password. Everywhere.

Beware of websites that are popping up to “check” for the vulnerability. You may be inviting theft of your data.

Where to read more about Heartbleed

  • Finnish National Cyber Security Center: NCSC-FI is distributing advisories and updates to technical communities.
  • Heartbleed.com: This contains FAQs with (mostly) simple answers.
  • Amazon Web Services: The AWS status page has minimal information now, but more updates may come soon.
  • CNET: ‘Heartbleed’ bug undoes Web encryption, reveals Yahoo passwords
  • Ars Technica: Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping

With the Heartbleed Bug, Raven is experiencing what the world is experiencing. The security of your data is paramount to us, and we want to be honest and keep you informed of the latest news.

We appreciate your understanding and loyalty.

Scott Holdren
Chief Technology Officer and Co-Founder
Raven

Update Tuesday, April 8, 2014 at 2:35 p.m. CDT: Amazon Web Services released more information. Raven’s servers are part of the group that is taking a couple more hours to be fixed.

Update Tuesday, April 8, 2014 at 9:04 p.m. CDT: Amazon Web Services has confirmed the patch. Raven is now processing security certificate renewals for all its domains, including our customers’ custom domains.


Tell us what you think

  • RavenArienne

    Jason, are you still having issues? We just reset Raven, and you should be able to log in. If not, please email help@raventools.com. Many thanks.

  • Jason

    Thanks. Any idea when we’ll be able to log in again? I’m getting booted with JS login errors.

  • RavenArienne

    It’s important. Happy to keep people informed… in as simple language as possible. Most articles I have seen are dense with technical details.

  • http://www.bnpositive.com/blog Jason Bean

    Thanks for keeping up with this issue and the concern you have for your customers.