Peak 10 has confirmed that our network is not impacted by the recently discovered Heartbleed OpenSSL vulnerability. And our solutions engineers are currently consulting with customers that we feel may have vulnerabilities.
According to Peak 10’s Andrew Mametz, vice president of service delivery, Heartbleed is a bug within a small subset of OpenSSL versions that makes encrypted data vulnerable to attacks.
While the flaw has existed for several years, the recent discovery of it was just announced on Monday April 7, 2014. For those who need a quick update on the story, this article was published today in Digital Journal.
By exploiting this flaw, hackers can obtain primary and secondary SSL keys in addition to directly hijacking data being transferred over HTTPS. That’s why we’ve taken every precaution to ensure any of our customers who could be affected are alerted to the issue.
To oversimplify it, the discovery of the Heartbleed bug is similar to Toyota finding defects in several car models and taking precautions to recall them and implement a fix.
According to http://heartbleed.com , the official website where information on this topic can be accessed, there are only a few specific versions of Open SSL that have issues.
David Kidd, Peak 10 Director QA and Compliance, notes that Heartbleed underscores the importance of continued vigilance on the part of information security professionals. “Maintaining information security is an ongoing process that includes monitoring emerging threats and responding to counter them before data is compromised.”
Visit http://heartbleed.com for more details, or https://www.ssllabs.com/ssltest/ if you want to test your specific website for vulnerability. And as always, if you are a Peak 10 customer and have concerns, call our Technical Assistance Center at 1-866-PEAK-TEN or 1-866-732-5836.