OpenSSL ‘Heartbleed’ Vulnerability (CVE-2014-0160)

There has been a lot of coverage concerning the following vulnerability:

https://www.us-cert.gov/ncas/alerts/TA14-098A

We are pleased to be able to report that none of our systems are affected because we are currently running OpenSSL version 0.9.8 across the board.

During the current life cycle phase (Production 3) of the Linux release we are using at present, the vendor is committed to the following:

“Critical Impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available. Other errata advisories may be delivered as appropriate.”

In other words, fixes for critical security flaws will be backported into the software versions shipped with this version of Linux, as appropriate and where necessary.

The end of production phase for this version of Linux is March 31, 2017 with an extended end of life phase running through to Q1 2020.
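The version reasoning above can be reproduced on any host from the output of `openssl version`. The following is an added example, not code from this site or from the vendor: the function name, the verdict labels and the sample strings are constructed for illustration, and the affected range it encodes (upstream 1.0.1 through 1.0.1f, plus 1.0.2-beta and 1.0.2-beta1) comes from the public advisories for CVE-2014-0160.

```shell
#!/bin/sh
# Classify an `openssl version` string against the upstream Heartbleed range.
# Prints one of: not-affected, check-package, unknown.
classify_openssl_version() {
    # Second field of e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013" is the version.
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2 }')
    [ -n "$ver" ] || { echo unknown; return 0; }

    case "$ver" in
        0.9.*|1.0.0*)
            # These branches never shipped the TLS heartbeat code.
            echo not-affected ;;
        1.0.1|1.0.1-*|1.0.1[abcdef]|1.0.1[abcdef]-*)
            # In range upstream. A vendor may have backported the fix
            # without changing this string, so the package changelog
            # decides, not the version letter.
            echo check-package ;;
        1.0.2-beta|1.0.2-beta1|1.0.2-beta1-*)
            echo check-package ;;
        1.0.1[a-z]*|1.0.2*|1.1.*|[3-9].*)
            # 1.0.1g and later releases contain the upstream fix.
            echo not-affected ;;
        *)
            echo unknown ;;
    esac
}

# Constructed sample strings (not captured from any real host).
for sample in \
    "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008" \
    "OpenSSL 1.0.1e-fips 11 Feb 2013" \
    "OpenSSL 1.0.1g 7 Apr 2014"
do
    printf '%-40s %s\n' "$sample" "$(classify_openssl_version "$sample")"
done

# On a live host: classify_openssl_version "$(openssl version)"
```

A `check-package` verdict on an RPM-based system can be resolved with `rpm -q --changelog openssl | grep CVE-2014-0160`. The string only describes the `openssl` binary on the path, so software that bundles or statically links its own copy of the library has to be checked separately.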

Testing:

You can test if a site is vulnerable to this issue using one of the following online scanning services:

Heartbleed test by Filippo Valsorda:
http://filippo.io/Heartbleed/

Qualys SSL Labs:
https://www.ssllabs.com/ssltest/

This is a comprehensive SSL test. Regarding Heartbleed specifically though, if all is well, the results will report:
“This server is not vulnerable to the Heartbleed attack. (Experimental)”

Remember, though, that just because a site is OK now doesn’t mean it wasn’t affected in the first place. If you are uncertain even though the above test(s) are coming back clean, you should log out from the service and change your passwords. Also consider using two-factor authentication where available.

For further information on password security, please also see:
http://www.ecologicalhosting.com/news/password-security-17-05-2013

Responses from the Major Players:

Mashable have created a substantial list of major sites and listed any response they’ve had from them:
