Posted: Tuesday, 15 April 2014
ARIN is committed to the highest level of security for our production environment and safeguarding our customers' data. We are sure you are aware that there has been a serious vulnerability with the underlying SSL encryption technology that is widely used by both the industry and at ARIN. This bug has been widely reported and called "Heartbleed" (http://www.us-cert.gov/ncas/current-activity/2014/04/08/OpenSSL-Heartbleed-Vulnerability). ARIN has investigated all of its systems and made the appropriate corrections to reduce vulnerabilities; in this process we did not discover any evidence of issues due to Heartbleed.
At this time we have no indication to suggest that any ARIN system or customer account was compromised. However, because of the complexity of this vulnerability, ARIN recommends that:
- ARIN Online users change their passwords of their user accounts
- Create new API keys and deactivate their existing API keys.
- Enable CRL and OCSP checking within your tools that interact with SSL encryption to ensure you are connecting to the correct site.
Please contact firstname.lastname@example.org if you have any questions.
Chief Technology Officer
American Registry for Internet Numbers