We wanted to provide you with an update on the recently published vulnerability for OpenSSL. Please see here for an explanation regarding the vulnerability.
As soon as we were made aware of this vulnerability we immediately scanned our infrastructure to assess the potential risk.
Our analysis showed that we were not at risk to the vulnerability on our own servers nor on the IaaS or on-site cloud appliances as we are not running an affected version of OpenSSL.
LastPass HeartBleed checking tool is giving false positives. Please use any of the below sites / services that correctly check for HeartBeat vunerability in sites:
We have liaises with LastPass who are using a different algorithm to issue warnings and the SME site has been whitelisted.