Heartbleed vulnerability

FYI, since the announcement of this bug in openSSL yesterday, we have taken steps to ensure that electric imp is not susceptible to this security issue:

  • the channel between imps and the imp server is not vulnerable to this bug.
  • some of our browser services, eg www.electricimp.com, were vulnerable. These have been updated to the latest openSSL.
  • our IDE and agent API services are behind Amazon ELBs, which were vulnerable. Amazon is working to fix everyone’s ELB.
  • We verified our ELBs and they appear to have been fixed now, so we have generated new private keys and reissued our certificates

If people have further questions, please ask either here or by emailing us.