
The Heartbleed Bug may be compromising your protected data

Understand the vulnerability and how to verify whether you’re affected

INSIGHT ARTICLE

Heartbleed is a vulnerability in OpenSSL, the open-source cryptography library. It gives attackers the opportunity to read the memory of a server or client, potentially allowing them to retrieve, for example, a server’s Secure Sockets Layer (SSL) private keys. Exploiting the vulnerability may also allow an attacker to obtain additional information, such as usernames and passwords.

This bug was introduced through a programming error by the developers, and the vulnerability was made public this week.

The vulnerability is typically thought of as affecting only Web servers (banking servers, websites, etc.), but the code may also exist in other devices, such as firewalls, virtual private network (VPN) concentrators and others.

Recommendations
If your Web applications are hosted by outside parties, you need to contact them for verification that your application is not affected, or that they have already fixed the issue.

If you are hosting systems that use SSL, you should test the systems as soon as possible to determine if they are vulnerable, and then upgrade or replace the systems without delay. Examples of systems you may host include websites and applications, VPN concentrators, firewalls, wire transfer systems and others.

We are available and ready to provide testing for this vulnerability if needed. If you would like us to test your system to determine if you have the vulnerability or not, please contact us at asvsupport@rsmus.com, or reach out to your RSM contact.

More information regarding this vulnerability can be found at http://heartbleed.com/.
