Stopping the Bleeding

Heartbleed has been big news in both the security industry and mainstream media for more than a week now. Our partners and customers tend to be very security conscious, so they have been doing their due diligence. As a result, we have fielded many inquiries asking if Heartbleed impacts WinMagic and SecureDoc. We looked into this and it doesn’t.

If you are reading this blog you probably already know all about Heartbleed, but if not, heartbleed.com is a good site to learn more. In short, Heartbleed is a serious bug that affects servers that use some versions of the open source “OpenSSL” cryptographic library. By some counts OpenSSL is used by over half of the world’s servers (mostly Linux based), so it’s definitely a widespread problem. Because the bug can be exploited to read a server’s memory and potentially expose encryption keys, usernames, passwords and other sensitive data, it is a very serious problem too.

While Heartbleed is a serious problem, it’s also a relatively easy problem to detect and correct if your site has it. I used the tool at ssllabs.com/ssltest to check websites for the bug. After you run it, look for the sentence “This server is not vulnerable to the Heartbleed attack. (Experimental)” in the output.

Heartbleed is also relatively easy to address because the newest version of OpenSSL has a fix.

As I stated up front, WinMagic is not impacted by Heartbleed. Our website doesn’t have the Heartbleed bug, nor does SecureDoc. The SecureDoc Enterprise Server (SES) has a web console interface, but it doesn’t use OpenSSL to protect the connection to the browser. OpenSSL’s SSL/TLS is not used to protect the communication between the encryption client on the endpoint and SES/SDConnex either.

To sum up, SecureDoc and WinMagic are not impacted by Heartbleed, and while it’s a widespread and serious bug, it’s one that is easy to detect and fix. Most mainstream services should have it patched within a week if they haven’t already done so. Personally I am going to follow the advice of the service providers and change my passwords once they have applied the patch.
