Visit http://heartbleed.com for more information
On April 7th, 2014 the Heartbleed bug (a.k.a. CVE-2014-0160) was publicly disclosed. Heartbleed affects SSL and subsequently any communications which are protected by SSL. This bug was introduced via the OpenSSL library, which is used by default in around 66% of systems in use on the internet today. The exposure of this bug has been felt worldwide and affects millions of websites.
At the time of this post the vulnerability in OpenSSL has been fixed, and all SceneDoc systems have been patched and are no longer vulnerable to this bug.
What is SSL?
SceneDoc protects all communications between its mobile apps and server software using industry-standard SSL (Secure Sockets Layer) encryption technology. SSL is used to ensure that the client (your mobile device) trusts the server and can verify its identity. It provides a means for the client device to be sure that the server claiming to be SceneDoc is in fact SceneDoc. Once that trust is established, the two parties can begin to communicate via a trusted, encrypted channel.
How was SceneDoc affected by this bug?
At the time Heartbleed was made public, proactive measures were immediately taken to patch all internal systems and prevent any opportunity for risk to data or secure communications. After all systems had been patched and independently verified to be free of the Heartbleed bug, we expedited a revocation and replacement of our SSL certificates with new ones that had been generated with all new keys.
Audit logs were scanned and we verified that all data was safe, and showed no signs of tampering or foul play.
How does this affect me as a customer?
Use the My Account screen to change your password
All customer data is secure and we show no signs of any account compromises.
We are however strongly urging all customers to change their SceneDoc account passwords as soon as possible. While we are confident there was no data loss or account compromises, it is always advisable to rotate passwords after any security incident. As a side note, passwords be changed regularly as a matter of course, regardless of security incidents.
To change your password, log into the SceneDoc Cloud, click on your username in the top right hand corner, click My Account and then follow the steps to change your password.
At SceneDoc, we take security matters very seriously and are always proactively doing everything possible to ensure the integrity and security of your data.
Where can I learn more?
To learn more about Heartbleed and how it may affect other services you use, read the information on the official Heartbleed website (http://heartbleed.com). For the official vulnerability report and confirmation, see the CVE here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160. The entry for Heartbleed in the National Vulnerability Database published by the United States government can be found here: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160