Instructors,
Yesterday, MoodleRooms release the following regarding the "Heartbleed" vulnerability and their application of patches to our system.
On the evening of April 7th, Moodlerooms was made aware of the Heartbleed vulnerability, a serious bug in a piece of software called OpenSSL, which exposes significant vulnerability relating to data encryption across internet properties around the world.
Some of you might already be aware of this vulnerability. It has always been our goal to keep you as informed as possible about your Moodlerooms experience, so I’ve detailed the steps Moodlerooms has taken to ensure that your site remains unaffected by the vulnerability going forward.
-
For starters, Moodlerooms identified any potential target vectors allowing SSL connections or using certificates generated via OpenSSL. Once the catalog was established, we quickly determined that no Moodlerooms hosted SSL termination points were exposed to the vulnerability.
-
Secondly, we identified that our Amazon hosted implementation in Singapore did expose the vulnerability via AWS’ Elastic Load Balancer. Amazon has since mitigated the vulnerability and that platform is no longer exposed..
-
Moodlerooms has also researched the exploit as it pertains to various add-on services we provide associated with secure third-party authentication. The Moodlerooms elements of these services are unaffected.
-
While not immediately necessary, Moodlerooms has also taken the precaution of patching all systems in addition to regenerating keys and re-installing all SSL certificates. Both internal and external tests for exposure have all come back negative.
As always, Moodlerooms makes the integrity of the platform job #1. If you have any questions regarding the Heartbleed vulnerability as it pertains to the platform, please feel free to contact our Support Team. Lastly please note that today's corresponding maintenance pack message is simply part of the regular release cycle and is in no way related to the due diligence we completed for this Heartbleed vulnerability.
#####
Please let me know if you have any further questions.
~Kevin