EG frontend servers don't respond to https:// connections, so there isn't really anything to exploit there. The few management systems we run over SSL are on openssl-0.9.8, which is a branch unaffected by heartbleed.
Our image servers also respond to SSL requests, but again are on 0.9.8 (and don't have anything sensitive on them anyway). Services such as DBs and so forth are all isolated from the internet and so would not be reachable regardless.
We think we're fine, but if you are using your EG password elsewhere, I would recommend changing it because we cannot comment on the security of other systems.
But... if we do find anything of concern, we'll let you all know straight away.
#10260157, By sharpkiddie EG and Heartbleed?
sharpkiddie Staff 473 posts
Seen 1 day ago
Registered 16 years ago