on April 7th 2014 security researchers unveiled a severe vulerability in OpenSSL's code which allowed attackers to extract potetially sensitive information from arbitrary servers running vulnerable verions of OpenSSL (which included the most recent ones available in most linux distributions' package sources).

As we are also using OpenSSL+nginx for our encrypted communication, Element43 was vulnerable, too. However we deployed the fixed version of OpenSSL almost immediately after it became available. Since our service was/is configured to provide robust forward secrecy, even an attacker in possession of our private key would not be able to decipher data intercepted between you and our server. All certificates have been reissued and we also switched from a RapidSSL single domain certificate to a wildcard certificate. This means that you'll be able to access news.element-43.com via SSL now :D

There is a very very low (like really low) chance that our services were actually compromised. Nevertheless we highly recommend you to update your password.

- zweizeichen