Today we were made aware of an SSL/TLS MITM vulnerability that has just come to light and has a known fix. The OpenSSL Security Advisory has warned that "an attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution."

While we do not have any reason to believe there have been any attacks on our systems, we will be watching this latest vulnerability carefully. As part of our normal operations we continually monitor our systems and we will be taking any corrective actions necessary to protect our servers and customers from this latest threat.

We advise any customers or partners that use OpenSSL or leverage products that use OpenSSL to take similar precautions.

 

