******************************************************************************************
EXTERNAL email. Please be cautious and evaluate before you click on
links, open attachments, or provide credentials.
******************************************************************************************

NOTICE DATE:  April 11, 2014
NOTICE TYPE:  M-D041114-01 General
SHORT DESCRIPTION:  ERCOT "Heartbleed" OpenSSL Vulnerability Statement
INTENDED AUDIENCE:  ERCOT Market Participants
DAY AFFECTED:  April 11, 2014
LONG DESCRIPTION:  A serious vulnerability in OpenSSL known as "Heartbleed" was recently discovered that allows anyone with access to a system using the previous  version of OpenSSL to access data that would otherwise be protected by Transport Layer Security (TLS) or Secure Sockets Layer (SSL) encryption.  Heartbleed gives read access to the memory of the encryption functions of vulnerable servers, allowing attackers to steal passwords and the private keys used to encrypt data transmissions.
ERCOT has completed a review of its systems and has concluded that none of its external market interfacing systems are vulnerable to the Heartbleed vulnerability.  While many news sources recommend changing passwords and reissuing digital certificates to prevent any possible further use of information obtained during the vulnerability, this action is not necessary for passwords or certificates used on ERCOT's systems.
CONTACT:  If you have any questions, please contact your ERCOT Account Manager. You may also call the general ERCOT Client Services phone number at (512) 248-3900 or contact ERCOT Client Services via email at [log in to unmask]<mailto:[log in to unmask]>.
If you are receiving email from an ERCOT distribution list that you no longer wish to receive, please follow this link in order to unsubscribe from this list: http://lists.ercot.com.



dg