There’s been a lot in the news recently about the ‘Heartbleed’ security vulnerability and how you should be updating all your passwords. In brief, the vulnerability only affects servers using a certain security module, and in particular it affects Linux servers. Windows servers are not affected.

For more info see http://www.theregister.co.uk/2014/04/08/running_openssl_patch_now_to_fix_critical_bug/

Our Linux service has had this vulnerability patched and is secure, so if you wish to change your email passwords and other passwords under your control it is now safe to do so. (There is no point changing passwords on an unpatched server!). We’ve no reason to believe that our server has been targeted or accessed in any way, but in view of the module being in use, we would still err on the side of caution. None of the other services we offer are affected.

Aside from services at Calico, you’ll obviously be concerned about other services/website that you access . We would advise you ensure that systems have been patched before doing your password update. We would also recommend that you make sure any new passwords are ‘strong’ (ie at least eight characters long, and a mixture of upper and lower case letters, numbers and symbols) – don’t use common words. We also recommend that passwords are unique and that you don’t use the same passwords in different places (eg don’t use the same password for mail, Facebook, Twitter, etc).

If you have any queries about this, please don’t hesitate to contact our team – 01381 600580 or email [email protected].