Like most UNIX/Linux service providers, pair Networks makes use of OpenSSL for Web and e-mail encryption. Last week, when the tech community was made aware of a vulnerability in OpenSSL, pair Networks immediately took action. Some of our servers — those running Ubuntu 12.04 LTS — were vulnerable. Patching of these servers was completed within a few hours of the release of an official patch from Ubuntu, and we have rekeyed all certificates that were potentially exposed.
The majority of our servers — those running FreeBSD or Ubuntu 10.04 LTS — were never vulnerable. This means key services like www.pair.com, pair Webmail, and the ACC, were also never vulnerable.
What can you do?
Customers with SSL certificates on Ubuntu 12.04 LTS servers have been notified and offered assistance in rekeying their certificates.
Even though the ACC was never vulnerable, consider taking this opportunity to change to a new, stronger password for your pair Networks account. You can change your account password in the ACC:
Several urgent Heartbleed-related announcements went out through our System Notices channels. If you aren’t already signed up to receive notices, you can change your notices settings in the ACC:
You can always access a feed of the most recent System Notices from the ACC: