Unaffected by “Heartbleed” Vulnerability

Many people will have heard of the so-called “Heartbleed Vulnerability” that has afflicted many organizations:

The plain truth is that many organizations spend far more on touting their wares and services online and making their web sites as user friendly as possible than they do on safeguarding information. The Heartbleed bug underscores the dangers that lurk in the underbrush, ready to ambush even the most sophisticated of Internet players. And it ought to prompt much more serious investment in strong security measures and the capacity to quickly detect flaws and squelch breaches.

Unlike the malware attack that resulted in the stunning theft from Target Corp. of about 40 million payment card numbers and some 70 million customer records, the Heartbleed bug was not concocted by some clever teenage hacker for criminal clients. It’s a critical software programming glitch in a data encription standard called OpenSSL, one that has existed for the past two years. OpenSSL is widely used to safeguard traffic between web users and a vast number of servers storing data for a majority of web sites.

This has extended even to the Canada Revenue Agency:

A major cybersecurity flaw that exposes encrypted information to hackers has forced the Canada Revenue Agency to shut down its filing system and push back the deadline for online returns.

I am pleased to advise that as part of the migration of PrefLetter to a new server, the operating system changed from Linux to MS-Windows. Windows is unaffected by the Heartbleed Vulnerability:

Windows comes with its own encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the Heartbleed vulnerability.

Leave a Reply

You must be logged in to post a comment.