4/10/2014

"Heartbleed Zero Day" Threat

NEW OpenSSL Vulnerability Advisory

Digital Edge has been and will be continuing to assess our clients risks and potential urgency for patching the new vulnerability, dubbed “Heartbleed”, which is a security concern for users of OpenSSL, a widely-used opensource cryptographic software library. It can allow attackers to read the memory of the systems using vulnerable versions of OpenSSL library (1.0.1 through 1.0.1f). This may disclose the secret keys of vulnerable servers, which allows attackers to decrypt and eavesdrop on SSL encrypted communications and impersonate service providers. In addition, other data in memory may be disclosed, which conceivably could include usernames and passwords of users or other data stored in server memory.

The vulnerability was discovered on April 7 and announced on April 8.

If you are a fully managed client and was not contacted yet, it means you are not under any risk.

If you are managing your own applications/services or part of the Digital Edge private or hybrid cloud, Digital Edge will assist you with upgrading vulnerable libraries.

If you have questions please contact our security team sending an email to support@digitaledge.net.

Thank you

Digital Edge

Michael Petrov

Founder, Chief Executive Officer

Michael brings 30 years of experience as an information architect, optimization specialist and operations’ advisor. His experience includes extensive high-profile project expertise, such as mainframe and client server integration for Mellon Bank, extranet systems for Sumitomo Bank, architecture and processing workflow for alternative investment division of US Bank. Michael possesses advanced knowledge of security standards such as ISO 27001, NIST, SOC and PCI that brings into any solutions delivered by Digital Edge. Security solutions and standards are expended into public cloud such as AWS and Azure.