Security Notice regarding CVE-2014-0160 (Heartbleed)

As Technical Director of iWeb, I wanted to reach out to you regarding our response to the Heartbleed OpenSSL vulnerability. The vulnerability was discovered within a piece of server software called OpenSSL. It is used to securely transport information between devices on the internet. This vulnerability affects a substantial number of websites and services on the internet, including iWeb FTP.

After learning about this vulnerability we applied the operating system vendor's supplied patch and are able to confirm that iWeb FTP is no longer vulnerable.

These are the steps that we took:

• Patched the OpenSSL library with the vendor supplied update
• Revoked and renewed all of our SSL certificates associated with the service

These fixes were in place as of midday on Tuesday, April 8th - UK time. We have no evidence that user credentials have been compromised. Even so, we would highly recommend that you change all of your passwords associated with your account. You can do this through your administration control panel.

Users who want to be extra vigilant should revoke and recreate any share links that have been generated. Please note that this will stop any existing share links that have been distributed from working.

For more information about the Heartbleed vulnerability, visit http://heartbleed.com/.

If you have any questions or concerns, please do not hesitate to contact us on help@iweb-ftp.co.uk

Kind regards,
Neil Boughton, Technical Director