SecureAuth: Heartbleed and Open SSL Vulnerability

SecureAuth’s Garret Grajek, CTO/COO recently posted in the company blog that SecureAuth solutions and its customer base were not affected by the “Heartbleed” OpenSSL zero-day vulnerability. The Heartbleed vulnerability is described as a significant hack in OpenSSL libraries.

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

Grajek describes the seriousness level of the Heartbleed Attack as “very serious.” “This type of attack is EXACTLY why sites are encrypted with SSL. What is worse is that the vulnerability has been reported open as long as 2 years. EVEN worse is that if your data was on a shared resource, then all of the information was available to everyone. “ “ While your data might have been segmented at the web layer, it is not segmented in the server’s memory. “

The OpenSSL project has made a statement at https://www.openssl.org/news/secadv_20140407.txt. NCSC-FI published an advisory at https://www.cert.fi/en/reports/2014/vulnerability788210.html. Individual vendors of operating system distributions, affected owners of Internet services, software packages and appliance vendors may issue their own advisories.

About SecureAuth

Located in Irvine, California, SecureAuth is a technology leader providing 2-Factor Access Control to mobile, cloud, web, and network resources, serving over 10 million users worldwide. The SecureAuth IdP all-in-one, completely scalable solution manages and enforces access based on existing user entitlements.

For the latest insight on enterprise security, visit www.secureauth.com for additional information.