20140411 - Important Information Regarding Heartbleed Bug

Late Monday, April 7, 2014, the OpenSSL project, the popular open source cryptographic library, released an update to address a serious security vulnerability nicknamed "Heartbleed".

The vulnerability may enable an adversary to obtain data portions of a web server's memory. While Heartbleed isn't a flaw with SSL certificates or the SSL/TLS protocol itself, the exploitation of the bug can lead to compromised private keys, passwords and other sensitive data.

Impact to ETRN systems:

We currently have no indication that any data was compromised from any of our systems.

What we have done about this:

  • After learning about Heartbleed, we quickly responded by appropriately patching all affected systems.
  • We have replaced all affected SSL Certificates with newly keyed certificates.
  • We have revoked the old SSL certificates.
  • We have tested our systems to verify this issue has been mitigated using this tool: http://filippo.io/Heartbleed/
  • We continue to monitor this issue for new developments.

What you should do

While there's no indication that ETRN user data has been impacted, we strongly recommend that users update their ETRN account passwords. As this issue applies to all Internet services that used the vulnerable OpenSSL libraries, you should also change your passwords with all Internet services that you use.


We appreciate your patience during this work and welcome any feedback. Thank you for being a ETRN customer. Please contact us if you have any questions.

We Answer Your Questions: FAQ

Q: What is the maximum e-mail attachment size?

A: The ETRN.com e-mail servers do not limit the size of individual e-mail attachments. The ETRN.com e-mail servers do impose a 400 MB maximum total message size limit. Individual customers can choose a smaller message size limit. We can also customize the handling of "over-sized" e-mails. Please contact us to discuss your specific needs. A couple of important facts:

1. Attachments are typically encoded in what is called Base64[1]. As a result, the actual length of MIME-compliant Base64-encoded binary data is usually about 137% of the original file size.

2. E-mails often contain both plain text and HTML components. This also increases the overall size of the e-mail.