Scroll to Content

Update: Heartbleed Bug Update

SaaSplaza Heartbleed Bug and Open SSL vulnerability update April 2014
Hamish Haldane
April 17 2014

STATUS: As of this update, we have received zero reports of exploit attempts for this vulnerability on our environment.

As you are probably aware, a serious flaw was recently discovered in the OpenSSL library. This library is widely used to encrypt traffic on computer networks and is typically used on "*nix" based Operating Systems.

It does not affect Microsoft based Operating Systems and/or services. The full details of the vulnerability are described in CVE-2014-0160: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160

Approach

SaaSplaza has followed a proactive approach to mitigate this vulnerability through several steps.

Due to the severe nature of this vulnerability SaaSplaza has performed emergency maintenance on 8 April and patched all Internet facing systems. This included client managed systems with OpenSSL enabled Internet facing services.

Last week internal systems that actively use OpenSSL enabled service have been updated through controlled changes. Non-production systems were upgraded during work hours while production systems have been updated on Sunday 13 April.

Communication regarding these updates has taken place to partners with services affected by the upgrades.

Currently, as a last step, systems with a vulnerable OpenSSL implementations, but without services using OpenSSL, are scheduled to be patched. SaaSplaza expects this to be finished by April 17.

Detection

Since April 8 SaaSplaza has performed tests on all it's public and internal network addresses to identify and mitigate this vulnerability. Furthermore, since April 8th, our IDS provider has implemented signatures on their sensors which detect attacks exploiting this vulnerability.

As of this update, we have received zero reports of exploit attempts for this vulnerability on our environment.

If you have any questions about this vulnerability or SaaSplaza's approach to mitigate this vulnerability, please contact the SaaSplaza Service Center.

Go To Previous ArticleGo To Next Article