Most of you are, by now, aware of the 'Heartbleed' bug which presents serious vulnerabilities in the OpenSSL library. This weakness allows one to read the memory of an OpenSSL protected system. Nevertheless, not all OpenSSL versions are vulnerable. You can find further information on the bug and vulnerable versions of OpenSSL on the web at http://heartbleed.com
The 'Heartbleed' bug has been a major concern for AFRINIC over the past week and we would like to assure our members and the community that all our systems have been thoroughly verified and updated when found to be vulnerable.
We would like to point out that a particular attention was given to the MyAFRINIC member portal, our financial systems and to RPKI hosts to ensure that the vulnerability was not exploited to obtain privileged information.
Furthermore, we would like to emphasise that, for our members who make use of AFRINIC's online payment feature, transactions are forwarded directly to our financial provider's gateway so no credit card information could be leaked via the MyAFRINIC portal. Moreover, we have contacted our financial provider and have been assured that their systems were safe from that threat.