The Heartbleed Bug may be compromising your protected data
Understand the vulnerability and how to verify whether you’re affected
INSIGHT ARTICLE |
Heartbleed is a vulnerability in the open-source cryptography library, OpenSSL. Heartbleed gives attackers the opportunity to exploit and potentially read the memory of a server or client, allowing them to retrieve, for example, a server’s Secure Sockets Layer (SSL) private keys. The exploitation of the vulnerability may also allow the attacker to gain additional information, such as usernames and passwords.
This bug was introduced through a programming error by the developers, and the vulnerability was made public this week.
The vulnerability is typically thought of as affecting only Web servers (banking servers, websites, etc.), but the code may also exist in other devices, such as firewalls, virtual private network (VPN) concentrators and others.
If your Web applications are hosted by outside parties, you need to contact them for verification that your application is not affected, or that they have already fixed the issue.
If you are hosting systems that use SSL, you should test the systems as soon as possible to determine if they are vulnerable, and then upgrade or replace the systems without delay. Examples of systems you may host include websites and applications, VPN concentrators, firewalls, wire transfer systems and others.
We are available and ready to provide testing for this vulnerability if needed. If you would like us to test your system to determine if you have the vulnerability or not, please contact us at firstname.lastname@example.org, or reach out to your RSM contact.
More information regarding this vulnerability can be found at http://heartbleed.com/.