XiNiX Security Update? : Heartbleed Issue
-
Saturday, 12th April, 2014
-
01:29am
Dear Customer,
You have probably heard about the “heartbleed” security issue that was discovered earlier this week. This is a major security bug in the popular OpenSSL cryptographic software library. When we were aware of this issue, we took immediate action to resolute this issue. As of now, we do not see any evidence that this heartbleed vulnerability affected or compromised our system.
Even though there is no indication or any evidence that our Customer Portal System is compromised, we strongly recommended that our customer to update/change their password via the portal URL.
Few tips that may assist you with this vulnerability:
1. If you have a secured website with SSL, you may go to the following URL: https://lastpass.com/heartbleed/ or https://www.ssllabs.com/ssltest/ to check whether your site is vulnerable to this heartbleed.
2. If you have a VPN that is using the TLS/DTLS implementation, you should upgrade your OPenSSL with the VPN hardware vendor and generate a new key. Cisco ASA VPN is not affected by this heartbleed. If you are using linux variance, you need to update the OpenSSL to version 1.0.0 via the distribution security repositories.
3. If you are using SSH keys to gain access to your server, then you are OK.
Please let us know if you have any further questions or concerns in regards to this vulnerabilities.
Thank you
Regards,
XiNiX Support Team