Follow

OpenSSL/Heartbleed Security Update April 8th 2014

On April 7, the OpenSSL project issued a Security Advisory that detailed a serious vulnerability in the encryption software in use by a large percentage of the internet. This vulnerability (nicknamed “Heartbleed”) would potentially allow attackers to retrieve information from encrypted SSL endpoints.

See http://www.heartbleed.com for more information.

Some background to the issue

OpenSSL technology is used by a large number of websites and web applications to encrypt data communicated between the user's web browser and the server. Like most modern applications, we use OpenSSL as part of our product stack. However not all versions are susceptible to the vulnerability.

We immediately responded to this critical issue by conducting an extensive security review of both our products; VisibleThread for Docs and Clarity Grader.

How does this impact you as a VisibleThread for Docs or Clarity Grader customer?

In some cases, there are no remediation steps. We summarize which VisibleThread products and services are impacted by the vulnerability below:

Case 1: VisibleThread for Documents on-premise (behind the firewall) customers

We currently have 2 versions of our packaged software deployed as Virtual Appliances. The issue affects one and not the other. 70% of our behind the firewall customers are unaffected by this issue.

We have contacted the technical and business points of contact for all our on-premise customers individually. We advised if they are affected and exact steps on how to resolve the issue.

Please note: Even if you are affected, the VisibleThread on-premise deployment is running self-contained behind your corporate firewall and so this vulnerability is very low risk in normal corporate settings.

What you need to do?

Follow the instructions in this article to check if you are impacted by this issue, and how to remediate.

Case 2: VisibleThread for Documents Cloud (on-demand) customers: 

The VisibleThread Cloud on-demand service at vt1.visiblethread.com is not impacted by this vulnerability at all.

What you need to do?

In this case, no action is required on your side.

Case 3: Clarity Grader Cloud customers:

Our Clarity Grader service (https://dashboard.claritygrader.com) was impacted by this vulnerability. We have secured Clarity Grader's authentication infrastructure against Heartbleed by upgrading the OpenSSL library.

We do not believe any Clarity Grader accounts were compromised. We are taking proactive action to ensure our customers' security and continue to monitor our secure servers in RackSpace (NYSE: RAX).

What you need to do?

While we do not believe you have been compromised, to be safe, we recommend that you sign in to Clarity Grader and reset your password at https://dashboard.claritygrader.com

 ----------

Please don't hesitate to contact us at support@visiblethread.com if you have any questions regarding this issue.

VisibleThread Support Team

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.