Security Announcement [Archived]

OUT OF DATE?

Here in the Vault, information is published in its final form and then not changed or updated. As a result, some content, specifically links to other pages and other references, may be out-of-date or no longer available.

Posted: Tuesday, 15 April 2014

ARIN is committed to the highest level of security for our production environment and safeguarding our customers’ data. We are sure you are aware that there has been a serious vulnerability with the underlying SSL encryption technology that is widely used by both the industry and at ARIN. This bug has been widely reported and called “Heartbleed” (http://www.us-cert.gov/ncas/current-activity/2014/04/08/OpenSSL-Heartbleed-Vulnerability). ARIN has investigated all of its systems and made the appropriate corrections to reduce vulnerabilities; in this process we did not discover any evidence of issues due to Heartbleed.

At this time we have no indication to suggest that any ARIN system or customer account was compromised. However, because of the complexity of this vulnerability, ARIN recommends that:

  1. ARIN Online users change their passwords of their user accounts
  2. Create new API keys and deactivate their existing API keys.
  3. Enable CRL and OCSP checking within your tools that interact with SSL encryption to ensure you are connecting to the correct site.

Please contact [email protected] if you have any questions.

Regards,

Mark Kosters
Chief Technology Officer
American Registry for Internet Numbers

OUT OF DATE?

Here in the Vault, information is published in its final form and then not changed or updated. As a result, some content, specifically links to other pages and other references, may be out-of-date or no longer available.