Recently, a security vulnerability known as 'Heartbleed' was discovered in certain versions of OpenSSL, an encryption library that a majority of internet services rely on for secure communications. All customers are encouraged to read official details of the Heartbleed bug. Suitable Technologies has engaged in a thorough review of this bug to assess impact on services, Beams and clients. In an endeavor to protect customers and in due accordance with industry best practices, Suitable has taken the following steps:
- Patched all of our servers to non-vulnerable versions of OpenSSL.
- Replaced all SSL certificates with new certificates. These certificates were generated from fresh RSA key-pairs, and all prior certificates have been revoked.
- Enabled Perfect Forward Secrecy on our web servers.
- Released a new, non-vulnerable version of the Beam client software for Windows. Mac OS X clients are not vulnerable. We strongly recommend that you upgrade immediately.
- A new, non-vulnerable version of our Beam SPD software has been released. Your Beam will receive the update automatically.
Suitable has no reason to believe that any data or credentials have been compromised in any way. However, as a precautionary measure and per security best practices, we strongly recommend that you upgrade your client and then change your password immediately. We will continue to monitor this carefully and we will post further information here, on our blog. Please contact our support team at firstname.lastname@example.org if you have further questions.