Please login to post or view tickets

 
RSS Feed
News
Apr
11
SECURITY ADVISORY - Heartbleed Security Vulnerability (OpenSSL)
Posted by Barry Bahrami on 11 April 2014 10:40 AM

RE: SECURITY ADVISORY - Heartbleed Security Vulnerability (OpenSSL)

A major new security vulnerability has been disclosed.  The flaw, nicknamed “Heartbleed,” is contained in several versions of OpenSSL, a cryptographic library that enables SSL (Secure Sockets Layer) or TLS (Transport Security Layer) encryption. Most websites use either SSL or TLS, which is indicated in browsers with a padlock symbol.  (This does not necessarily mean they are using OpenSSL.)

CNS does not utilize openSSL for any back-end services and so CNS services are not vunlerable to the Heartbleed flaw.  However, subscribers utilizing open SSL (including stunnel) in their hosted VM's should patch the software immediately and reissue the certificates.

You will no doubt be receiving multiple messages regarding this issue from different sources.  Each will probably advise you to change all of your online passwords.  We agree - it is prudent to change your online passwords - but only after receiving confirmation from the service that their systems have been updated.  Otherwise, you will simply be changing passwords on a still vulnerable system.

One of the best ways to keep your CNS account and services secured is by utilizing our free two-factor authentication.

Please do not hesitate to contact CNS Support if you have any questions or require assistance.

More Information: Heartbleed Bug Exposes Passwords, Web Site Encryption Keys

 


Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
© 2016 Commercial Network Services. All rights reserved.
No content may be reproduced or redistributed without express written permission on CNS letterhead.
Only Commercial Network Services subscribers are authorized to use our content during their subscription period.
Permission to use our content may be revoked at any time, and at the sole discretion of Commercial Network Services.
Some content on this site is © by their respective owners.