As you may be aware, a major vulnerability has recently been discovered for OpenSSL, the popular encryption software that powers 2/3 of the web. Some LogMeIn services and products rely on OpenSSL, including the LogMeIn Free and Pro hosts used in our popular remote access products.
We take the security of our customer data very seriously and at this time have no evidence of any compromise, but like many web companies, our security team took immediate action to proactively address the issue.
We've updated the LogMeIn host and related services to close the vulnerability, and we're advising that customers take the following precautionary steps:

1. Check to confirm you're running on the latest version of LogMeIn.

You can do that by hovering your mouse over computers in your Central or My Computers page on the LogMeIn.com site.
OR by right clicking on the LogMeIn icon in your systems tray and opening LogMeIn Control Panel and click on the About tab.

Confirm version number 4.1.0.4144 and above for Windows or version number 4.1.0.4145 and above for Mac
If you are using an older version, please click the Check Updates button in the LogMeIn Control Panel (as described above), and update the software.

2. Change your Windows PCs or Macs passwords – This is for your computer login credentials only. You do not have to change your LogMeIn account login.

3. Take a minute to review our FAQ on the LogMeIn help site.

In addition, our security team continues to perform a rigorous diagnostic investigation to ensure the protection of our users, and will provide additional product-specific updates if necessary.
Thanks,
The LogMeIn Team

Millions of smartphones and tablets running Google Inc.’s Android operating system have the Heartbleed software bug — a sign of how broadly the flaw extends beyond the Internet and into consumer devices.

Although Google said in a blog post last week that all versions of Android are immune to the flaw, it added that the “limited exception” is one version dubbed 4.1.1, which was released in 2012.

Security researchers said that version of Android is still used in millions of smartphones and tablets, including popular models made by Samsung Electronics Co., HTC Corp. and other manufacturers. Google statistics show that 34 percent of Android devices use variations of the 4.1 software. The company said less than 10 percent of active devices are vulnerable.

The Heartbleed vulnerability, which was made public last week, can expose users to hacking of their passwords and other sensitive information. While a fix was simultaneously made available and quickly implemented by the majority of Internet properties that were vulnerable to the bug, there is no easy solution for Android gadgets that carry the flaw, security experts said.

Even though Google has provided a patch, the company said it is up to handset makers and wireless carriers to update the devices.

We recently published an announcement for the OpenSSL 1.0.1 vulnerability ("Heartbleed Bug") that has been making big headlines this week.  This vulnerability is very serious because it can allow an attacker to get the private keys that are being used to secure the communication, making it possible to launch a man-in-the-middle or other impersonation attack.
Our engineering and support teams have reacted quickly and patch releases for all affected Aruba products have been made available. Our OEM partners, our customers with active support contracts and AirWave 8.0 beta customers have all been notified. Many members of our Airheads Community have already started taking action.
Which Aruba products are affected?

• Affected versions: ArubaOS 6.3.x, 6.4.x and ClearPass 6.1.x, 6.2.x, 6.3.x. Previous versions of these products used an earlier version of OpenSSL that is not vulnerable.
• Aruba Instant and Aruba Mobility Access Switches are NOT affected.
• Aruba Central cloud-based management has been upgraded successfully.
• Patch release for AirWave 8.0 beta is now available on our support site.
• Patch release for Aruba Mobility Controllers running 6.3.x and 6.4.x versions of ArubaOS, including FIPS version, is now available on our support site.
• Patch release for Aruba ClearPass 6.1.x, 6.2.x and 6.3.x versions of software is now available on our support site.

What’s your best course of action?

• Understand that this is an industry- and internet-wide vulnerability and Aruba is not the only one affected.

• We recommend that you review Aruba security bulletin before calling Aruba support. It is important that any affected infrastructure components are upgraded to the available patch release immediately.

• As a pre-caution, it is recommended that you update administrative access passwords to Mobility Controllers and ClearPass after the software upgrade.

• Security policy for some of you may require server certification on Mobility Controllers and ClearPass to be re-issued. If the ClearPass server certificate is updated, and you have utilized the “ClearPass Onboard” functionality to onboard employee mobile devices to the network will have to take one more step: you will have to educate your users to re-connect to the wireless network and onboard their devices again to download the latest server certificate.

Dear Carbonite User,

As you may have seen in recent news, a major vulnerability has been exposed in OpenSSL, a popular web encryption software used widely across the internet. This vulnerability - dubbed Heartbleed - makes it possible for hackers to access information transmitted from your computer even though it is being encrypted via the HTTPS protocol.

Carbonite Personal and Pro subscriptions do not use the affected encryption software. Your personal data was never at risk. With Carbonite's Personal and Pro subscriptions, your data is protected by the following safeguards:

• Encryption: Your data is encrypted while on your computer and securely transmitted to our data centers, where it stays encrypted.
• Data centers: Our state-of-the-art data centers are guarded 24/7, employ temperature control and biometric scanners, and have backup generators in the event of a power disruption.
• Third-party compliance audit: We recently completed a six-month audit with an outside firm to ensure all of our practices meet the strict federal guidelines of HIPAA and the AICPA guidelines for SOC 2. The external auditor found that we met or exceeded the requirements.

If any of your other online vendors have been impacted by Heartbleed and you use the same password as you do for Carbonite, we recommend changing both passwords. Your Carbonite password should only be used for our service, and data security best practices state that a password should be at least 10 characters, with capital letters, numbers and symbols. For more on changing your password, please refer to the Knowledge Base.

Thank you for trusting us with your data.

Sincerely,

The Carbonite Customer Support Team