[arin-announce] Security Announcement
ARIN
info at arin.net
Tue Apr 15 17:14:39 EDT 2014
ARIN is committed to the highest level of security for our production
environment and safeguarding our customers’ data. We are sure you are
aware that there has been a serious vulnerability with the underlying
SSL encryption technology that is widely used by both the industry and
at ARIN. This bug has been widely reported and called "Heartbleed".
http://www.us-cert.gov/ncas/current-activity/2014/04/08/OpenSSL-Heartbleed-Vulnerability
ARIN has investigated all of its systems and made the appropriate
corrections to reduce vulnerabilities; in this process we did not
discover any evidence of issues due to Heartbleed.
At this time we have no indication to suggest that any ARIN system or
customer account was compromised. However, because of the complexity of
this vulnerability, ARIN recommends that:
1) ARIN Online users change their passwords of their user accounts
2) Create new API keys and deactivate their existing API keys.
3) Enable CRL and OCSP checking within your tools that interact with SSL
encryption to ensure you are connecting to the correct site.
Please contact hostmaster at arin.net if you have any questions.
Regards,
Mark Kosters
Chief Technology Officer
American Registry for Internet Numbers (ARIN)
More information about the ARIN-announce
mailing list