Here at Hornbill we take security very seriously, so when we received notification of CVE-2014-0160 which has been dubbed heartbleed. we investigated our systems in order to identify if any of our servers were affected by this bug. The bug allows and attacker to read segments of memory allocated by OpenSSL making it possible to read the contents of private certificates we use to secure data in motion using SSL.
A small number of our front end web servers (which do not themselves hold any client data) were using the specific version of OpenSSL that is affected and therefore were vulnerable to this attack. We have already patched and tested to confirm that they were no longer vulnerable using http://filippo.io/Heartbleed/
We have reviewed our own logs and can see no evidence that this vulnerability has been exploited on our systems and the changes we have made to patch this will not affect our customers in anyway. As it turned out, most of our production servers where not vulnerable as they are running stable versions of OpenSSL that are not impacted by this bug which was introduced in OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable, you can read all about the problem and get more details here: http://heartbleed.com/
Hornbill Cloud Support
We are planning to carry out maintenance on your Myservicedesk.com PRO instance on 12th April 2014, during the agreed window of downtime, for a period of at most 1 hour. During this period of downtime, your Myservicedesk.com PRO instance will not be available. The maintenance work will involve upgrading your instance to ITSM 3.5.3. The details of the functionality available in this release of ITSM can be found on Hornbill’s Customer Portal:
In advance of the upgrade, users can try out the latest version of ITSM by logging in to ukdemo.myservicedesk.com . The login credentials can be found here:
Myservicedesk.com EXPERT and DEVELOPER customers are not affected by this scheduled maintenance.
If you have any questions/queries regarding this maintenance work, please do not hesitate to contact us on firstname.lastname@example.org