Security Update Performed to Address OpenSSL Vulnerability
We understand that your information is your livelihood and it must be kept secure.
Our engineering team has been working to assess the impact for our users in the wake of the April 7th disclosure of CVE-2014-0160, known as Heartbleed.
We join nearly every Internet service provider in responding to this critical vulnerability in SSL. Our obligation as a custodian of your data compels a unique urgency with disclosures such as these – here’s what we know, what you need to do and where you can find additional help from us.
Service Objects audit results
We have reviewed all Service Objects Web Services for impact for the issue described in CVE-2014-0160.
We have determined that our web services were unaffected and do not require customer action.
The Service Objects website and Service Objects account portal was discovered to be vulnerable and was patched at 8:30 AM PDT on April 9, 2014. After our review of the account activity there is no evidence that any Service Objects user accounts were compromised.
How to determine if your application is affected by Heartbleed
While Service Objects Web Services appear to be unaffected, we recognize a number of you may be using hosting providers or OpenSSL deployments that may be. Here is a quick walkthrough of how to determine if your application is affected.
- Filippo Valsorda’s Heartbleed Test
- 1st Limited’s Heartbleed Test
- Jared Stafford’s Proof of Concept exploit in Python
Still have questions?
We hope this answers your questions about the impact of CVE-2014-0160 on your Service Objects applications. Feel free to reply this post by reaching out to Customer Support with follow up questions.
We’ll continue to monitor this issue as the community and vendors investigate this vulnerability further.