Why ANX was unaffected by the Heartbleed bug

Posted April 17, 2014, 2:52 pm by Chris Schramm


It was recently revealed that the Heartbleed bug, a vulnerability in the OpenSSL library that powers encrypted communication to many of the world's web sites and private networks, may have affected as many as 500,000 systems.

 

It was recently announced to customers that ANX was not affected because the versions of SSL ANX uses were not vulnerable to the bug.

 

"We initiated both internal and external scans with neither scan showing a compromise in our system's vulnerability," said Jim Schmidt, ANX Executive Vice President of Operations.

 

So why is this a big deal? The bug could expose any data that the OpenSSL process can read. This means usernames, passwords, private keys and even credit card and social security numbers could be easily accessible. 

 

Android, Cisco and Juniper were among the companies that revealed that their phones, firewalls and servers could be affected. This means e-mails, phone messages, phone calls and confidential work information could have been exposed.

 

Luckily, a fix was quickly released. Most vendors required a quick patch to the vulnerable product or system. But the user must implement these patches. That is where there could be a massive problem going forward.

 

“Large companies with dedicated IT departments have most likely already run the patch,” said Kamran Chaudhary, Director of Compliance Technology for ANX. “On the other side, smaller companies that don’t have a full-time IT department may never run the patch. This will leave them exposed to vulnerabilities.”

 

Translation: It might not matter if you change your password. In fact, if you answered secret questions to change your password, those answers could also have been exposed if the site is vulnerable.

 

“Check if the site is vulnerable before changing a password,” Chaudhary said. “If you are unsure, do not change your password.”

 

Like ANX, many companies and web sites are proactively e-mailing users their Heartbleed status. Users can also check a company’s web site for a special message if it was found vulnerable, or check a web site’s status using a newly released Chrome extension called Chromebleed, which will warn if the site you are browsing is affected by the Heartbleed bug.

 

ANX is devoted to its mission statement “to protect our customers' information, secure their business interactions and be their trusted platform for collaboration.” Protecting our customers and their customers is at the core of our company. And we work every day to achieve this.

 
Filed under: Security Threats