ASPnix – OpenSSL Heartbleed Vulnerability (CVE-2014-0160)

[singlepic id=37 float=left h=182 w=150] We’ve had a few concerned clients contact us regarding our current position and status about the OpenSSL Heartbleed vulnerability and after reviewing all software on our network we can happily say we are not at risk. Our web servers are all powered by IIS which does not use OpenSSL for its SSL implementation, SmarterMail and SmarterStats also use Microsoft’s .Net framework for their SSL implementation. SQL Server does not rely on OpenSSL either. The only software we currently use that relies on OpenSSL is PRTG (network and server monitoring systems) and our Gene6 FTP server services. Both applications use OpenSSL, but use a version that is prior to the 1.0.1 release that opened this vulnerability. MySQL itself (the community version) uses yaSSL instead of OpenSSL which is not known to suffer from this vulnerability.

Customers can rest easy knowing that we are not open to such vulnerabilities! If you have any questions or concerns about this vulnerability, please do not hesitate to contact us!

If you are curious to see if a specific website is vulnerable, you can use this website to test – http://filippo.io/Heartbleed/

Thank you again for choosing ASPnix!