Over the past few days, the Heartbleed Bug has caused many questions and uncertainty about SSL security. Many sites were impacted, including Skeddly. We don’t know, and we may never know, if anyone was actually able to exploit the bug, or if it went unnoticed for years without incident.
Skeddly uses AWS Elastic Load Balancers to handle SSL termination. AWS has confirmed that ELB was affected.
Amazon has addressed the issues within ELB in all regions, so Skeddly is no longer affected by this issue.
Since one possible exploit of the bug is the compromise of the SSL keys themselves, we have started using new SSL keys and revoked the old ones. If someone had gained access to the keys, they should not be able to use them anymore.
Security credentials for various APIs that we use have also been rotated.
You should assume the worst. Someone has confirmed that passwords were compromised at Yahoo.
We recommend you take the following precautions:
If you are using Google Chrome, you can install a Heartbleed Chrome Extension that will inform you if the site you are visiting is affected by the Heartbleed bug. If all has gone according to plan, then this tool should remain silent when you use Skeddly.