Clavister and Heartbleed

Clavister solutions not affected - here's what you need to know

Schorndorf, (PresseBox) - You will have heard about the 'Heartbleed' vulnerability (CVE-2014-0160) which was revealed earlier this week.

Heartbleed affects the OpenSSL security system used to protect many global websites, potentially enabling an attacker to steal website encryption keys. Possessing these keys allows attackers to impersonate website administrators, and steal both current and previous traffic passing through the site.

Using the keys, attackers can capture user passwords, financial details, emails and secret documents. The vulnerability existed for two years before being discovered.

Heartbleed is believed to be the most serious vulnerability in SSL security systems to be uncovered, and it poses an immediate risk to companies using affected versions of OpenSSL on their websites, and consumers that have used those websites. Below are a series of actions to help businesses and consumers establish if this vulnerability affects them.

Clavister's products are not affected by this vulnerability, as we do not use OpenSSL for handling any type of SSL traffic.

For businesses:

ƒƒ- Any business using OpenSSL 1.0.1 through to 1.0.1f should update to the latest fixed version of the software (1.0.1g), or recompile OpenSSL without the affected 'heartbeat' extension.

ƒƒ- After moving to an unaffected version of OpenSSL, it's possible that your web server certificates may have been compromised or stolen as a result of exploitation. Contact the certificate authority for a replacement certificate.

ƒƒ- Businesses should also consider resetting end-user passwords that may have been visible in a compromised server's memory.

For consumers:

ƒƒ- This Mashable article gives a useful guide to which popular websites and services may have been affected, and gives the website's recommended advice on whether you need to change your password.

ƒƒ- Avoid potential phishing emails from attackers asking you to update your password - and avoid clicking on links in emails asking you to change passwords. Only visit the official website to change passwords.

Website Promotion

Press releases you might also be interested in

Weitere Informationen zum Thema "Sicherheit":

Individuelle Sicherheit bei Gebäude- und Objektschutz

Wer heut­zu­ta­ge von Si­cher­heits­lö­sun­gen für Un­ter­neh­men hört, denkt vi­el­leicht zu­nächst an den Schutz der haus­ei­ge­nen IT. Aber nicht nur Da­ten und Soft­wa­re­an­wen­dun­gen gilt es zu si­chern – um­fas­sen­de Si­cher­heits­maß­nah­men be­in­hal­ten zum Bei­spiel auch Ge­bäu­de­si­che­rung, Pe­ri­me­ter­schutz und Brand­früh­er­ken­nung, um Mensch, Ma­schi­ne und Ge­bäu­de vor grö­ße­rem Scha­den zu be­wah­ren.

Weiterlesen

Subscribe for news

The subscribtion service of the PresseBox informs you about press information of a certain topic by your choice at a choosen time. Please enter your email address to receive the email with the press releases.

An error occurred!

Thank you! You will receive a confirmation email within a few minutes.


I want to subscribe to the gratis press mail and have read and accepted the conditions.