Zanbato updated for Heartbleed
You may have heard recently about the Heartbleed Bug, a vulnerability in the OpenSSL library that could allow someone to read memory off of a server. Zanbato runs on the Ubuntu operating system and was using the OpenSSL library as part of securing connections over HTTPS. Additionally, Zanbato runs behind Amazon’s Elastic Load Balancers (ELB).
The day the vulnerability was discovered, all Zanbato servers were patched with the latest version of OpenSSL to prevent any vulnerabilities going forward. Amazon also quickly informed users that ELBs had been patched as well.
Since then, we have reissued certificates for https://zanbato.com, so the lock that appears in your browser next to our URL should now reflect the newest certificate.
Finally, we recommend that you change your Zanbato password. To the best of our knowledge, Zanbato has not been targeted by the Heartbleed Bug, but changing passwords is a good precaution to take, as many other online services have also suggested. To reiterate, however, all user passwords on Zanbato are stored as salted hashes (as described here), so your passwords are still secret.
Given the sensitivity of the data we handle, Zanbato is dedicated to security across its services. As part of that, we have undergone security assessments and mitigated any issues discovered. Our engineering team also keeps our services up to date with the latest software and news, and we try to conform to recommended security best practices.
If you have any questions, please contact us at https://zanbato.com/contact/.
Posted by Kevin Leung, Lead Engineer and Co-Founder