Heartbleed: SSL Zero-Day Vulnerability

An OpenSSL vulnerability known as the Heartbleed Bug has been reveled, which affects nearly two thirds of the Internet’s servers. This bug allows attackers to exploit a critical programming flaw in the SSL/TLS encryption protocol. Since Secure-Socket Layer (SSL) and Transport Layer Security (TLS) are at the heart of Internet security, this security hole is very serious.

 

The vulnerability causes servers to leak their stored data to reveal not just personal data such as emails, instant messages, and files; but the primary and secondary SSL keys such as usernames and passwords. This data could then, in theory, be used as a skeleton keys to bypass secure servers without leaving a trace that a site had been hacked.

 

Please rest assured that all Network Box systems, which have been updated to the latest security patch levels, are NOT affected by the Heartbleed SSL Zero-DayVulnerability.