SSL Heartbleed Flaw
Following the Monday announcement of the SSL Heartbleed flaw (and subsequent release of patches), and after careful checking, we have found that none of the core ITR systems for sign-ins were affected. However, non-ITR systems might be affected; we are working on identifying and contacting the owners.
Additionally, ITR has proactively replaced many security certificates. If you are in any doubt about the security of Web sites you use and wish to change your sign-in credentials, know that you might need to change them again in a few days once those outside sites confirm that they have been secured. In the meantime, it might be best to hold off on visiting those sites.