EDITOR’S NOTE: This information was updated on April 14, 2014.
Part of our Fanatical Support promise is ensuring the security and health of your solution, as well as our Rackspace infrastructure and internal systems. When the entire Linux community, including Rackspace, was notified of the “Heartbleed” vulnerability within OpenSSL (the encryption software found in many Linux systems), we immediately took action to audit, identify, and remediate any customer devices and any Rackspace systems and infrastructure that may have been exposed to this vulnerability. Our Global and Product Security teams have patched systems or confirmed that they were not vulnerable, including our cloud products and customer-facing control panels.
Check out how we used expertise at scale to help our customers through Heartbleed.
We have reached out to potentially impacted customers and have proactively patched or scheduled patching for all servers we can access, except for those customers who have opted out of our remediation efforts.
While we have no evidence of exploitation at this time, our engineers continue to run tests and diagnostics on our systems. We encourage customers who have questions regarding specific products or services to contact their Fanatical Support team.
Can I determine if this attack was used on my account?
Unfortunately, there is not a reliable way to determine if a customer solution or system has been exploited. In line with the industry response, we strongly recommend that you:
- confirm all systems are patched, even if we patched them for you,
- generate new keys for your SSL certificates and have those certificates re-issued, and
- reset critical passwords in web applications and in the base operating system.
Where can I stay up-to-date on this issue?
Rackspace updates and technical solutions are provided in the Rackspace Community: https://community.rackspace.com/general/f/34/t/3596.
Heartbleed Bug: http://heartbleed.com/
SANS ISC: https://isc.sans.edu/forums/diary/OpenSSL+CVE-2014-0160+Fixed/17917
We’re here to help provide Fanatical Support, and our technical experts are available to make sure you’re protected and your website, app or business remains online. Your support team can verify whether your servers have this vulnerability and can assist you with the necessary updates.
If you have any further questions or concerns, please contact a member of your Fanatical Support team via phone, ticket, or chat.
Tune In To Our Google+ Hangout For More Information
At 1 p.m. CDT Wednesday, April 16, Rackspace will host a live Google+ Hangout, “Stop the bleeding: How to patch Heartbleed at scale.” Tune in to learn more about Heartbleed and how Rackspace identified and patched thousands of servers impacted by the Heartbleed OpenSSL vulnerability. We will be joined by several specialist Rackers who determined the severity of the vulnerability and responded to the issue at a sizable scale. You can register for the Hangout here.