As you may have now learned, there is a very serious vulnerability that has been discovered in the OpenSSL 1.0.1 library. This vulnerability can allow an external attacker to extract segments of memory from a remote system without leaving any traces. The information in memory could contain vital security information, including private keys. It is important to know that this vulnerability has the potential to impact numerous online services, networks and systems given the wide use of this impacted library.
Given the potential impact of this vulnerability, Zensar strongly recommends that all services that may use the OpenSSL service be checked to determine potential impact. To assist in this effort, there are several assessment tools that can check for this, and other known SSL vulnerabilities. Zensar recommends using Qualys® SSL Lab site to determine potential exposure to the HeartBleed bug. This site can be accessed by visiting https://www.ssllabs.com/ssltest/
Additionally, here is a list of several helpful links to some of our partner’s site that have issued releases concerning this vulnerability:
Check Point: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100173 and http://www.checkpoint.com/defense/advisories/public/2014/cpai-09-apr.html
Zensar will continue to update this helpful list of links related to the HeartBleed vulnerability as soon as information becomes available. In the meantime, please do not hesitate to contact me at email@example.com or call 1-866-425-4242.
AVP / Security, Compliance and Product Practice Head, Zensar Technologies