The Heartbleed compromise is biblical in its proportions. Vox has a concise description here. Since pretty much everyone uses OpenSSL, including us, it is safe to say that everyone's data is at risk until versions are up to date.
As a user, there isn't much you can do about it, since you're relying on the underlying components that your service provider has integrated. We've spent the last hours digging into our resources to understand our exposure and to build a remediation plan.
Silo isn't like most other products. We rely on a minimal Internet surface area, instead building point-to-point secure connections between our resources using our own protocols. But at some point, our browser in the cloud needs to connect to a third-party web site over HTTP connections.
After evaluating pretty much every aspect of our system, we are comfortable reporting that we don't consider ourselves vulnerable to Heartbleed. We will continue to assess, and we've identified some things that we can patch and improve. These actions will continue in the coming days.
But it is important to know that just because Silo is safe, that doesn't mean your data is safe. If you use Silo to connect to a site that is vulnerable to Heartbleed, your data may be at risk.
We suggest that users keep an eye on their providers for similar statements of updates and patches in the coming days. This is a big enough issue that technical teams at every web company are assessing and fixing it.
If you have any questions or comments, contact us at [email protected].