IMPORTANT: VMware Learning Platform Security Notice - Heartbleed Update

Security is a top priority for the Project NEE team. The recently publicized SSL encryption vulnerability known as Heartbleed is not a matter we take lightly and our team has already taken steps to protect your data across our systems.

To summarize our actions ...

1) We have applied the fix. This involved:

• Immediately updating vulnerable services to a non-vulnerable version of OpenSSL
• Rotating all existing SSL certificates and revoking the previous certificates
• Restarting all affected servers
 
2) We encrypt the strings used for our cookie-based authentication and they also are set on a rolling timeout so existing authentication will not be impacted. However, your passwords are passed via SSL to the core servers for authentication and as such could have been compromised by this vulnerability. You should immediately change your NEE password when you can.
 
To change your password visit http://www.projectnee.com and click the "forgot password” link on the login box. You will get an email or you can answer your security questions and then you can reset your password.
 
If you’d like to know more about what’s going on see the TechCrunch article (http://techcrunch.com/2014/04/08/openssl-heartbleed-bug-leaves-much-of-the-internet-at-risk) and the OpenSSL Security Advisory (http://www.openssl.org/news/secadv_20140407.txt).
 
If you have any other questions about this vulnerability and what was done to secure the platform do not hesitate to contact us at support@projectnee.com.
 

- The Project NEE Team

Have more questions? Submit a request

0 Comments

Article is closed for comments.