NOTICE DATE:  April 11, 2014

NOTICE TYPE:  M-D041114-01 General

SHORT DESCRIPTION:  ERCOT "Heartbleed" OpenSSL Vulnerability Statement

INTENDED AUDIENCE:  ERCOT Market Participants

DAY AFFECTED:  April 11, 2014

LONG DESCRIPTION:  A serious vulnerability in OpenSSL known as “Heartbleed” was recently discovered that allows anyone with access to a system using the previous  version of OpenSSL to access data that would otherwise be protected by Transport Layer Security (TLS) or Secure Sockets Layer (SSL) encryption.  Heartbleed gives read access to the memory of the encryption functions of vulnerable servers, allowing attackers to steal passwords and the private keys used to encrypt data transmissions.

ERCOT has completed a review of its systems and has concluded that none of its external market interfacing systems are vulnerable to the Heartbleed vulnerability.  While many news sources recommend changing passwords and reissuing digital certificates to prevent any possible further use of information obtained during the vulnerability, this action is not necessary for passwords or certificates used on ERCOT’s systems. 

CONTACT:  If you have any questions, please contact your ERCOT Account Manager. You may also call the general ERCOT Client Services phone number at (512) 248-3900 or contact ERCOT Client Services via email at [log in to unmask].

If you are receiving email from an ERCOT distribution list that you no longer wish to receive, please follow this link in order to unsubscribe from this list: http://lists.ercot.com.

 

 

 

dg