MegaPath

Share This Article:

Subscribe:

Subscribe to our feedNews RSS Blog RSS

MegaPath Customer Advisory: Heartbleed Bug

April 14, 2014

As you may already be aware, security researchers recently announced a security flaw in OpenSSL, the open-source encryption standard used by the majority of websites to transmit data that users want to keep secure. The bug, known as Heartbleed, allows attackers to intercept secure communications and steal sensitive information such as login credentials, personal data, or even decryption keys such as those utilized in SSL website certificates.

At MegaPath, we take your privacy and security very seriously. We continually perform security audits and diligently and persistently monitor our network to ensure that there are no vulnerabilities that could affect the services provided to you, our customers. In addition, we perform stringent testing including detailed validation and certification of any new piece of equipment being introduced in our network prior to putting it in production.

Like many service providers such as Google, Microsoft, and Amazon, once MegaPath became aware of the Heartbleed vulnerability, we moved quickly to address it. Since this security issue was announced, we have performed extensive security audits within our network and services platforms to check for this specific vulnerability. MegaPath has no evidence that the Heartbleed bug was used to access any MegaPath data or services.

We have confirmed that our website and online portals are not impacted. In addition, MegaPath has verified that equipment and configurations utilized in MegaPath services, including customer premise equipment (CPE) and other components, either do not enable SSL access to the devices and/or have been found to not have the vulnerability in any of the production versions of the software code.

MegaPath has evaluated the following services for any impact relating to the Heartbleed bug with the following results:

  • MPLS – Not impacted
  • Managed Security Services (MSS) – Not Impacted
  • Voice over IP (VoIP) – Customer equipment not impacted
  • SSL VPN – Potential vulnerability identified and patch implemented and resolved
  • Email and Web Hosting – Potential vulnerability identified and patch implemented and resolved
  • Cloud Hosting – Not Impacted

MegaPath recommends that customers follow industry standard security best practices, including the use of strong passwords, regular password rotation, and utilizing different passwords for different services. Customers should verify any third-party software applications are not impacted and avoid sites and services impacted, but not remediated. We recommend customers not attempt to make password changes on services until they have been remediated, as the password change request could expose sensitive account information.

For more information on the Heartbleed bug, here are some helpful links:

If you have any questions, please contact us at 1-877-611-6342 (option 4) or email support@megapath.com.

Share This Article:

Subscribe:

Subscribe to our feedNews RSS Blog RSS

Comments

Mary Beth Pratt

Thank you for the update. I wish you had been able to include it with my monthly invoice or had also published it where I log in to my email, since I rarely go to the main MegaPath site. I am an original Speakeasy customer.

April 16, 2014, 2:05 PM
Post a Comment
  1. Leave this field empty

Required Field

CALL US: 877-634-2728 to speak to one of our Business Consultants today.