Clavister and Heartbleed
Clavister solutions not affected - here's what you need to know
Heartbleed affects the OpenSSL security system used to protect many global websites, potentially enabling an attacker to steal website encryption keys. Possessing these keys allows attackers to impersonate website administrators, and steal both current and previous traffic passing through the site.
Using the keys, attackers can capture user passwords, financial details, emails and secret documents. The vulnerability existed for two years before being discovered.
Heartbleed is believed to be the most serious vulnerability in SSL security systems to be uncovered, and it poses an immediate risk to companies using affected versions of OpenSSL on their websites, and consumers that have used those websites. Below are a series of actions to help businesses and consumers establish if this vulnerability affects them.
Clavister's products are not affected by this vulnerability, as we do not use OpenSSL for handling any type of SSL traffic.
- Any business using OpenSSL 1.0.1 through to 1.0.1f should update to the latest fixed version of the software (1.0.1g), or recompile OpenSSL without the affected 'heartbeat' extension.
- After moving to an unaffected version of OpenSSL, it's possible that your web server certificates may have been compromised or stolen as a result of exploitation. Contact the certificate authority for a replacement certificate.
- Businesses should also consider resetting end-user passwords that may have been visible in a compromised server's memory.
- This Mashable article gives a useful guide to which popular websites and services may have been affected, and gives the website's recommended advice on whether you need to change your password.
- Avoid potential phishing emails from attackers asking you to update your password - and avoid clicking on links in emails asking you to change passwords. Only visit the official website to change passwords.
Press releases you might also be interested in
Weitere Informationen zum Thema "Sicherheit":
Individuelle Sicherheit bei Gebäude- und Objektschutz
Wer heutzutage von Sicherheitslösungen für Unternehmen hört, denkt vielleicht zunächst an den Schutz der hauseigenen IT. Aber nicht nur Daten und Softwareanwendungen gilt es zu sichern – umfassende Sicherheitsmaßnahmen beinhalten zum Beispiel auch Gebäudesicherung, Perimeterschutz und Brandfrüherkennung, um Mensch, Maschine und Gebäude vor größerem Schaden zu bewahren.Weiterlesen