Heartbleed vulnerability and why your email archiving is safe with us
Let’s start with some reassurance: The “Heartbleed” bug is not the end of the world, and if you work with Intradyn, it’s not the end of your email archiving security. With that out of the way, let’s discuss just how bad heartbleed is.
The heartbleed bug is a vulnerability in the OpenSSL open source library, which is used across a wide section of the world wide web. One of its more prominent uses is by security vendors, used to make browser connections secure. When you’re looking up at the address bar of your browser and see “https” starting the URL, that “s” tells you it’s a secure connection. Or at least we thought it was.
The problem, then, comes from a bug discovered by Google Security involving a command known as “heartbeat.” Putting it as simply as we can, heartbeat allows for finding out if a server is still there and responding. So it’d be like poking someone and saying “If you’re there, say ‘cat.'” But in heartbleed’s case, the person poking can not only get someone to say “cat” but also the next 64k of data they’ve seen.
That may not seem like much, but when it comes to the type of data being handled by OpenSSL, it’s enough. The server would not only respond with “cat” but then also the next several bits of information is has had to process recently. So along with the heartbeat, it’s bleeding information all over the place, with information like “User JohnDoe01 searched for X” or much more dangerously “User JohnDoe changed password to ABC123” (which isn’t a safe password anyway, but you get the idea).
OpenSSL is used by so many websites, and so this bug was so widespread that Yahoo! itself, the third largest website in the world, was vulnerable. Fortunately, the bug has been fixed, so with the latest updates, Yahoo! is now secure and other websites will soon be, but be prepared for multiple calls to change your passwords (such as the government advising those who signed up for the Affordable Healthcare Act), as there was a time when servers were being a bit too open with the wrong people.
Now that you know just how troublesome the heartbleed bug was, rest assured that the information secured by Intradyn was never in jeopardy. We tested for the vulnerability early and our servers passed with flying colors. Part of our commitment to our customers is making sure that our environment is absolutely secure. We’re not just waiting around for a problem to make itself known; we’re making sure of your email archives are secure with proactive testing.
Ultimately, when you need someone to trust with your email archives, don’t you want someone who is actively watching out for you? If so, please feel free to contact us.