On the evening of April 7th, Moodlerooms was made aware of the Heartbleed vulnerability, a serious bug in a piece of software called OpenSSL that exposes a significant weakness in data encryption across internet properties around the world.
Some of you might already be aware of this vulnerability. It has always been our goal to keep you as informed as possible about your Moodlerooms experience, so I’ve detailed the steps Moodlerooms has taken to ensure that your site remains unaffected by the vulnerability going forward.
For starters, Moodlerooms identified any potential target vectors allowing SSL connections or using certificates generated via OpenSSL. Once the catalog was established, we quickly determined that no Moodlerooms-hosted SSL termination points were exposed to the vulnerability.
Secondly, we identified that our Amazon-hosted implementation in Singapore did expose the vulnerability via AWS’ Elastic Load Balancer. Amazon has since mitigated the vulnerability and that platform is no longer exposed.
Moodlerooms has also researched the exploit as it pertains to various add-on services we provide associated with secure third-party authentication. The Moodlerooms elements of these services are unaffected.
While not immediately necessary, Moodlerooms has also taken the precaution of patching all systems in addition to regenerating keys and re-installing all SSL certificates. Both internal and external tests for exposure have come back negative.
As always, Moodlerooms makes the integrity of the platform job #1.
Senior Director, Technology Operations
Thanks for that update. It was nice to know my Moodlerooms account was safe as I spent about an hour last night changing passwords for other accounts that were not.