NEW OpenSSL Vulnerability Advisory
Digital Edge has been and will be continuing to assess our clients risks and potential urgency for patching the new vulnerability, dubbed “Heartbleed”, which is a security concern for users of OpenSSL, a widely-used opensource cryptographic software library. It can allow attackers to read the memory of the systems using vulnerable versions of OpenSSL library (1.0.1 through 1.0.1f). This may disclose the secret keys of vulnerable servers, which allows attackers to decrypt and eavesdrop on SSL encrypted communications and impersonate service providers. In addition, other data in memory may be disclosed, which conceivably could include usernames and passwords of users or other data stored in server memory.
The vulnerability was discovered on April 7 and announced on April 8.
If you are a fully managed client and was not contacted yet, it means you are not under any risk.
If you are managing your own applications/services or part of the Digital Edge private or hybrid cloud, Digital Edge will assist you with upgrading vulnerable libraries.
If you have questions please contact our security team sending an email to firstname.lastname@example.org.