As you probably know by now, Heartbleed is the name for a bug in the
OpenSSL cryptography software that, in short, could enable an attacker to
steal the private key that was meant to encrypt TLS secured connections. With
access to the private key, the attacker could access user names, passwords, and
other sensitive data that internet users thought was being transmitted
Messinet Secure Services was one in the estimated 66% of all internet sites using a
compromised version of OpenSSL on our public website and email servers.
Fortunately, we upgraded our OpenSSL libraries immediately on 2014-04-07
when the announcement was made and the updated packages were available.
In order to protect future SSL/TLS internet transmissions, we also revoked the
potentially compromised StartSSL certificates, re-keyed, and implemented
new certificates on 2014-04-10.
The real problem is that an attacker could access sensitive information from
past connections which may have been captured.
While Messinet Secure Services is now properly re-secured, it is critical that users
with accounts and passwords at Messinet Secure Services change their passwords. This is
the difficult, but final step in the process to overcome the breach created by
Heartbleed. If you are one of the affected users, you will receive an email
with instructions on how to change your password.