I’m sure you’ve seen the news coverage of the Open Secure Socket Layer (OpenSSL) security issue called “Heartbleed”. This vulnerability can allow hackers to steal certificates, session keys, passwords and other sensitive data from server memory, while remaining undetected.
What does that mean? Simply put, the bug allows anyone on the internet to read system memory. It’s a leak of information that the top providers of online services were affected by! Some sites that may have been affected include: Google, Yahoo, Facebook, Twitter… Thinking of a major website or account you have online? It probably was affected.
We are an online service and security provider. Unlike many of the top services over 90% of Americans rely on, our cloud computing system was not affected by “Heartbleed”.
5i Solutions, Inc. takes its clients’ critical document security very seriously, as one of our additional services, we can run penetration tests on our clients networks looking for weakness’s and offering suggestions and security upgrades. We also test our own network regularly and because of that we were out in front of the “Heartbleed” threat.
5i Solutions, Inc. primarily uses Microsoft software and services, none of which use the Open Secure Socket Layer (OpenSSL), furthermore 5i Solutions, Inc. uses Secure File Transfer Protocol (SFTP, and a brand not effected) NOT File Transfer Protocol over Secure Socket Layer (FTPS). As an added layer of security, we strictly control access to our systems using Unified Threat Management (UTM) enabled firewall clusters that include Intrusion Detection Services (IDS) / Intrusion Prevention Services (IPS). All of our UTM appliances have a sensor for heart bleed, we are enforcing this sensor as an additional layer of security. All of 5i Solutions, Inc.’s 3rd party web applications have passed our SOP security checks and are not vulnerable.
Companies that contracted with 5i Solutions, Inc. to have critical data stored did so with complete confidence that it would be protected. We are happy to confirm that even though large companies such as PayPal, Dropbox, Box and Bank of America were vulnerable, 5i Solutions, Inc. was not.
If you are concerned about your personal data on other sites, please use this link to check whether those sites were vulnerable and if you should change your password.
5i Solutions, Inc. suggests changing all your passwords regularly but specifically at all sites you may have personal data at that were affected.
You can find more in depth information here:
- http://www.us-cert.gov/ncas/alerts/TA14-098A
- http://heartbleed.com/
- https://www.schneier.com/blog/archives/2014/04/heartbleed.html
