The Internet has been abuzz this week with news of a recently discovered security vulnerability named Heartbleed.
Heartbleed is a programming error that allows anyone on the Internet to read the memory of an affected web server. Ironically, the Heartbleed bug affects the exact part of the web server software that is supposed to protect against such attacks. When exploited on a vulnerable system, Heartbleed allows the attacker to obtain confidential data including user IDs and passwords from a host system.
The vulnerability makes it possible for an attacker to obtain the security certificates and secret keys for a website. Until the vulnerability is fixed, changing your password is futile, since a hacker essentially has the master key that can be used to unlock any account.
We haven't received any reports of Star2Star user accounts being compromised, and it is unlikely that any have in fact been compromised given that none of our internet facing systems were vulnerable. This includes all of the servers in our ecosystem including our Starbox® Voice Optimized SD-WAN systems, the configuration portal, and all of the “back end” servers that provide voicemail, auto attendant and other essential services for Star2Star users.
Given people often use the same passwords across different sites and those passwords could have been compromised elsewhere, we are recommending that if you are a current customer or partner of Star2Star and haven’t changed your Star2Star user account password lately, now may be a good time to do so. This is the best way to ensure your information is safe.
To change your password, visit portal.star2star.com and enter your email address when prompted. Instead of entering your password, click the “Forgot your password?” link. The portal server will send you an email with a new, temporary password. When you log into the portal using the temporary password, you will be prompted to enter a new password.
Even though Star2Star’s systems aren’t affected, we’ll continue to keep a close watch on the Heartbleed situation.