SceneDoc and the Heartbleed Bug

April 9, 2014 Will Warren

Visit for more information

On April 7th, 2014  the Heartbleed bug (a.k.a. CVE-2014-0160) was publicly disclosed. Heartbleed affects SSL and subsequently any communications which are protected by SSL. This bug was introduced via the OpenSSL library, which is used by default in around 66% of systems in use on the internet today. The exposure of this bug has been felt worldwide and affects millions of websites.

At the time of this post the vulnerability in OpenSSL has been fixed, and all SceneDoc systems have been patched and are no longer vulnerable to this bug.

What is SSL?

SceneDoc protects all communications between its mobile apps and server software using industry-standard SSL (Secure Sockets Layer) encryption technology. SSL is used to ensure that the client (your mobile device) trusts the server and can verify its identity. It provides a means for the client device to be sure that the server claiming to be SceneDoc is in fact SceneDoc.  Once that trust is established, the two parties can begin to communicate via a trusted, encrypted channel.

How was SceneDoc affected by this bug?

At the time Heartbleed was made public, proactive measures were immediately taken to patch all internal systems and prevent any opportunity for risk to data or secure communications. After all systems had been patched and independently verified to be free of the Heartbleed bug, we expedited a revocation and replacement of our SSL certificates with new ones that had been generated with all new keys.

Audit logs were scanned and we verified that all data was safe, and showed no signs of tampering or foul play.

How does this affect me as a customer?

Use the My Account screen to change your password

All customer data is secure and we show no signs of any account compromises.

We are however strongly urging all customers to change their SceneDoc account passwords as soon as possible. While we are confident there was no data loss or account compromises, it is always advisable to rotate passwords after any security incident. As a side note, passwords be changed regularly as a matter of course, regardless of security incidents.

To change your password, log into the SceneDoc Cloud, click on your username in the top right hand corner, click My Account and then follow the steps to change your password.

At SceneDoc, we take security matters very seriously and are always proactively doing everything possible to ensure the integrity and security of your data.

Where can I learn more?

To learn more about Heartbleed and how it may affect other services you use, read the information on the official Heartbleed website ( For the official vulnerability report and confirmation, see the CVE here: The entry for Heartbleed in the National Vulnerability Database published by the United States government can be found here:

The post SceneDoc and the Heartbleed Bug appeared first on SceneDoc.


Previous Article
SceneDoc to Aid Rockbridge County’s (VA) Regional Hazmat Exercise
SceneDoc to Aid Rockbridge County’s (VA) Regional Hazmat Exercise

Toronto, ON, Canada – April 21, 2014 SceneDoc will be providing their...

Next Article
EPA’s OCEFT Division Runs Structured Pilot of SceneDoc Platform
EPA’s OCEFT Division Runs Structured Pilot of SceneDoc Platform

The US EPA’s Office of Criminal Enforcement, Forensics and Training...

Get Started Today With SceneDoc!

Click Here