Heartbleed Flaw - The SSL security issue
by Richard Matthews Technical Director
Posted on April 10, 2014
You may have heard about the recent security issues associated with the Heartbleed bug / Open SSL. We thought it might be an opportunity to clarify the issues and confirm that NXT has taken all necessary precautions for those client websites that we manage.
We regularly hear there are security threats associated with viruses and spam mail, but by all accounts this security flaw will have some major implications. The issue has been created through a bug in OpenSSL - a cryptographic library that is used to secure a very, very large percentage of the Internet’s traffic — has just been discovered and publicly disclosed. So this means the software library used in servers, operating systems, email and instant messaging systems to protect internet traffic as it travels back and forth. More than 53% of the web servers which host more than 500 million websites use the software which relies on OpenSSL – so very serious!
The main flaw is that the bug targets the libraries that manage SSL security but the good news is that this won’t affect NXT clients with SSL certification. As a business our focus is developing on the Windows side of the development divide rather than alternative open source languages such as Ruby and PHP. NXT manages client sites and infrastructure using Windows Server / Microsoft IIS as our server / internet information service and this is not affected – for more information please read Microsoft’s blog.
We’ve spoken to our dedicated server team and they have also re-tested our "concern" sites where there could have possibly been an issue with certification. There is also a new version to patch the flaw (which has been updated across all their servers). If you’re still concerned about other sites and you're using Chrome as a browser, you could use this Chrome extension to test to see if sites are affected.
If you have any questions, please get in touch with us to discuss.
About the Author
Richard heads up our technical / development teams overseeing all code creation and integrations. Richards primary skill set is a background in C# .NET but because of the diverse nature of the digital landscape Richard is very familiar with most frameworks and languages but he's happiest when "knee deep in the code". When Richard is out of the office he's either gardening (with a Peroni) or watching CBeebies & TinyPop with Harry and Ben.