CAcert Certificate Change (heartbleed)
MINOR Closed General
STATUS: Closed
CREATED: Apr 09, 08:02 PM (10 years ago)
AFFECTED: General
STARTED: Apr 09, 07:40 PM (10 years ago)
CLOSED: Apr 09, 11:00 PM (10 years ago)
REFERENCE: 1919 / AA1919
INFORMATION
  • INITIAL
    10 years ago by James

    Question: Does the Heartbleed bug affect any AAISP servers?

    The answer is that no servers are affected that hold customer data or our aa.net.uk SSL certificate secret key. The control and billing pages, email servers and our ticketing system are all running an unaffected version of OpenSSL.

    This doesn't mean that we're running out-of-date software; we still apply backported security patches to those boxes and plan suitable upgrades in the long term.

    Unfortunately, however, we had a single test box that was both affected by the bug and held the CAcert-signed certificate that we use for our email services. We are therefore going to revoke that certificate and replace the secret key.

    The chances of the key having been leaked are tiny, but we think it is worth this measure as a precaution.

    Customers who do not have the CAcert root cert installed may see warnings when they connect to our email services. There is more information here: http://aa.net.uk/cacert.html

    Please contact support if you have any questions.

  • Closed