ARIN is committed to the highest level of security for our production environment and safeguarding our customers’ data. We are sure you are aware that there has been a serious vulnerability with the underlying SSL encryption technology that is widely used by both the industry and at ARIN. This bug has been widely reported and called "Heartbleed".
http://www.us-cert.gov/ncas/current-activity/2014/04/08/OpenSSL-Heartbleed-Vulnerability ARIN has investigated all of its systems and made the appropriate corrections to reduce vulnerabilities; in this process we did not discover any evidence of issues due to Heartbleed. At this time we have no indication to suggest that any ARIN system or customer account was compromised. However, because of the complexity of this vulnerability, ARIN recommends that: 1) ARIN Online users change their passwords of their user accounts 2) Create new API keys and deactivate their existing API keys. 3) Enable CRL and OCSP checking within your tools that interact with SSL encryption to ensure you are connecting to the correct site. Please contact hostmas...@arin.net if you have any questions. Regards, Mark Kosters Chief Technology Officer American Registry for Internet Numbers (ARIN) _______________________________________________ ARIN-Announce You are receiving this message because you are subscribed to the ARIN Announce Mailing List (ARIN-announce@arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-announce Please contact i...@arin.net if you experience any issues.
