Rackspace is tracking an industry-wide security issue broadly referred to as “POODLE” (Padding Oracle On Downgraded Legacy Encryption) (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566). This is a vulnerability affecting the SSLv3 protocol, and a number of Rackspace customers may be impacted. At this time, we are not aware of any attacks attempting to leverage the vulnerability, but we’re closely monitoring the situation.
Part of our Fanatical Support promise is to ensure the security and health of your systems. It is of the utmost importance to us. So when the entire Linux community, including Rackspace, was notified yesterday of the “Heartbleed” vulnerability (CVE-2014-0160) within OpenSSL, the encryption software found in many Linux systems, we began plans to proactively patch your affected servers where we could.
I have been in this field for over 30 years and this is the most exciting time to be dealing with security and risk management. The good news is that there are more tools, resources and support for the industry out there now than at any time in the past. The potential downside of that is there are a lot more people using a lot of different methods to try to have a less-than-desirable effect on all of us.