HoganTaylor Client Advisory – “HeartBleed” Vulnerability

Dear HT Clients and Friends:

You may have heard of the “HeartBleed” vulnerability in the news. This is a particularly bad vulnerability in OpenSSL and the way it processes heartbeat requests. It is affecting a large number of big-name services, and if vulnerable, servers can leak a random section of their memory which may include transactional data, private keys, internal configurations, passwords and whatever else might be resident in RAM. And unlike mass vulnerabilities that only affect “someone else”, we are seeing this widely in our own work. In our experience, you can query the same server over and over again, thousands of times, pulling all kinds of data from memory without detection.

HoganTaylor’s Risk Assurance group is extending an offer to help you assess your vulnerability  to this issue. HT will scan your external IP addresses. We can scan both external and internal IP addresses. We would need VPN access to your network to complete the testing.

If you have questions or would like to discuss scheduling the scan, please contact Cody Griffin at cgriffin@hogantaylor.com (501.554.3167)