About the "Heartbleed" OpenSSL security vulnerability

watchmanmonitor · April 9, 2014, 9:24pm

A recently-disclosed bug in OpenSSL (a technology used to secure a majority of websites) named “HeartBleed” (CVE-2014-0160) potentially allows an attacker to gain access to private encryption information and other secure data.
Rest assured, the Watchman Monitoring app was not susceptible to this bug and our servers were updated immediately.

Watchman Monitoring does not store credit card or other payment details, and your sensitive data was never at risk of being disclosed. We’ve also contacted our vendors and have confirmed that they have taken immediate appropriate actions.

If you’d like to check your site to see if it’s affected by the bug, go here: http://filippo.io/Heartbleed/
Full details on this bug, including information on how to guard agains it, are available here: http://heartbleed.com

As always, feel free to reach out to us with any questions or concerns.

Published at: https://www.watchmanmonitoring.com/notice-heartbleed-security-vulnerability/

watchmanmonitor · April 15, 2014, 4:48am

Hi all,

Our initial release had a bit of a misnomer. The Watchman Monitoring application itself wasn’t susceptible, however a server in our staging environment was using the same multidomain wildcard certificate. As of 6 PM Central, on 14 April 2014, every SSL certificate in use by Watchman Monitoring on the day of the announcment has been revoked and regenerated using fresh keys.

As each of our key providers have responded to the Heartbleed vulnerabilty, we’ve reset the passwords we use to access their systems. We encourage each of you to reset your passwords as well.

You may request a reset of your Watchman Monitoring password here:
https://app.monitoringclient.com/users/password/new

Thank you,

-Allen Hancock