Many of you have undoubtedly been reading about the Heartbleed security issue with OpenSSL. Some of our servers were vulnerable to Heartbleed, notably our CentOS 6 servers. The ones running CentOS 5 were not vulnerable because they are based on an older version of OpenSSL. We upgraded the OpenSSL library on all of our vulnerable servers as soon as a patched version was available, and none of our servers are now vulnerable to this exploit. We have re-keyed the secure certificates for our clients who were under maintenance contracts. We recommend that everyone update their passwords on any web-based systems that may have been vulnerable to this exploit, including logins for email accounts. If you are having any trouble with this on our systems, please let us know.
Please note that the administrative panel logins on our servers were not vulnerable to this exploit, but logins through SSL on your own web sites may have been. In any case, rotating passwords occasionally is always a good policy. We also recommend (as the Internet gets more and more lawless) that you think seriously about using a password manager (we happen to like LastPass), which lets you generate random passwords for sites and still keep track of them. Last of all, we recommend that you think about implementing two-factor authentication on your important logins. We are using Authy on some of our administration software so that logging in to our servers requires not only a password but also a random one-time key.