2014-09-26: 19:26 UTC     Statement on Shellshock

Shellshock is the name given to a security vulnerability in the bash (Bourne-again shell) command-line interepreter that provides a simple pathway for a remote attacker to execute arbitrary commands on an affected machine.

None of the servers in our primary data center have the bash interpreter installed and as such they aren't vulnerable to this exploit. These are the systems that handle inbound email, IMAP/POP, SMTP, LDAP, ManageSieve, and webmail.

The VPS instances that we do use (for the main website and for this status page) don't have bash as the default shell and we're certain that they weren't exploitable. Regardless, these instances were immediately patched when we learned of the vulnerability on Wednesday.

Page delivered in 0.024559 seconds, 40 files included