You may have read in the media about serious security vulnerability in the OpenSSL libraries nicknamed “Heartbleed”.
The following is a snippet from heartbleed.com on the Heartbleed bug.
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
If you are concerned about whether RES Software is affected by this bug, you can rest easy. This vulnerability is limited to software that uses the OpenSSL libraries. RES Workspace Manager, RES Automation Manager and RES IT Store implement SSL via the Windows cryptographic service provider algorithms and are completely unaffected. Agents of RES Automation Manager running on Linux use OpenSSL 0.9.7, 0.9.8 and 1.0.0 and are not affected. Lastly, HyperDrive is based on CentOS 6.3, uses OpenSSL 1.0.0 and is not affected.
For More Information
For those of you who want to learn more, here are some resources for help:
- If you have specific security concerns about your RES Software solution, please reach out to the RES Software support team.
- Click here for more information on the Heartbleed Bug.
- Click here for the OpenSSL Security Advisory.