This week, a serious new vulnerability was discovered in the OpenSSL encryption software. It affects about two thirds of all web servers and untold devices, and potentially compromises data such as SSL certificates, private keys, usernames, and passwords. The vulnerability has spread fear among treasuries, who must now ask themselves whether their data is secure.
To understand how Heartbleed affects BELLIN customers, we asked security manager Mirek Pijanowski, CISM, what this means for treasurers.
First, how has Heartbleed affected BELLIN?
As soon as the vulnerability was published, our security team performed a full review of our internal and external systems, including servers which use our wildcard mytm5.com or treasurydb.com certificates. We were pleased to find that none of our customer-facing sites were susceptible. In fact, the only vulnerable system within our ASP network was an internal-use network device, which was immediately quarantined, and the non-customer-facing certificate used was revoked. We’ve since worked with the vendor to update it, reissued the affected certificate, and returned it to full use.
BELLIN customer data is completely safe.