CionSystems Products Are Not Vulnerable to The Heartbleed Bug

CionSystems products are not vulnerable to the Heartbleed bug:

General Information
The “Heartbleed Bug” is a security flaw in OpenSSL’s TLS implementation.  SSL/TLS provide secure the transmission for private information. The bug is actually a memory leak exploit that can potentially lead to the exposure of server keys.  This can result disclosure of private computer memory and private information. It is indeed a very serious vulnerability.
How to diagnose if your systems are vulnerable:
To determine if your systems are vulnerable to the Heartbleed bug, see http://www.kb.cert.org/vuls/id/720951
How to fix systems that are vulnerable to Heartbleed *and* the potential loss of private keys:
If you find any of your systems vulnerable to the Heartbleed bug, the steps typically involved in fixing a system include:

  1. Patching vulnerable systems with OpenSSL 1.0.1g
  2. Regenerating new private keys
  3. Submitting new CSR to your CA
  4. Obtaining and install new signed certificate
  5. Revoking old certificates

Exercise caution when revoking certificates as some systems may become inaccessible.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *