Secure Communications from the Heartbleed Bug
No doubt you have heard or read about a major online security risk called “Heartbleed” that makes personal information vulnerable, such as passwords, credit card information, emails and more. At the core, Heartbleed is a flaw in OpenSSL, which is an open-source encryption technology that approximately two-thirds of all web servers use on a regular basis. The Heartbleed issue involves a small coding error, but can have serious consequences that affect a large majority of internet users.
On April 7, 2014 the OpenSSL project issued a security advisory that detailed a serious vulnerability in the encryption software in use by a large percentage of the internet. This vulnerability (nicknamed “Heartbleed”) would potentially allow attackers to retrieve information from encrypted SSL endpoints.
Toshiba has taken this issue very seriously and our engineering team and partners have studied in detail all of the components of the IPedge® to determine any vulnerability as described in the security advisory. We have determined that the IPedge and its different components are not affected by the “Heartbleed” vulnerability. The affected versions of OpenSSL are OpenSSL 1.0.1 through 1.0.1f (inclusive). Later versions (1.0.1g and ulterior) and previous versions (1.0.0 branch and older) are NOT vulnerable.
Currently, the IPedge along with its Messaging and Meeting application is using a version of OpenSSL that is not within the affected version range. We are very confident that the IPedge is not affected by the “Heartbleed” vulnerability. We are continuing to monitor this situation to ensure the security of the IPedge. The Strata® CIX, MAS and MicroMAS are also not affected by the “Heartbleed” vulnerability. Toshiba’s FYI and the VIPedge® portal have also been analyzed for vulnerability and we have determined that they are secure.
For more information on this vulnerability visit Heartbleed.com