Sunday, April 13th, 2014...7:22 pm

Heartbleed Update

Drugs.com utilizes the Akamai content delivery network to serve our website to end users.

Akamai patched the announced Heartbleed vulnerability prior to its public announcement. Akamai, like all users of OpenSSL, could have exposed passwords or session cookies transiting our network from August 2012 through 4 April 2014. Their custom memory allocator protected against nearly every circumstance by which Heartbleed could have leaked SSL keys. There is one very narrow window through which 4 Akamai server clusters had a vulnerable release for 9 days in March 2013. For the small number of customers potentially affected, Akamai are pro-actively rotating certificates.

According to Akamai, all certs issued on or after 1 April 2013 are certainly safe.

Here is the full post from Akamai…

https://blogs.akamai.com/2014/04/heartbleed-update.html

Best Regards,
Drugs.com Support

Leave a Reply