Now that the excitement and outrage about Heartbleed is ebbing, companies could enter a dangerous zone of complacency.
Your AS400 is not vulnerable to the bug. IBM uses its own encryption code so OpenSSL vulnerabilities are not a danger and there is nothing you have to fix on your power system.
BUT, there are plenty of software and websites you may be interacting with that do pose a threat. At this point many companies have already put a patch and verifying that information is simple. Here is a free tool from Mcafee to use. You just enter the website URL and you can determine if the website is safe from Heartbleed. Then change your passwords. FYI, our DRV software does not have the Heartbleed vulnerability.
The really scary thing about Heartbleed is that there is no logging that can let us know if there was a data breach. So even if a company sounds confident about the safety of its encryption, if they acknowledge using OpenSSL then change your passwords. There is no way to know for sure if your data prior to patching was captured by hackers.
Devices
Heartbleed isn’t just about software vulnerabilities. Many networking devices are vulnerable. Check with manufacturers to determine whether any of your company routers, etc. pose a risk. Apple says its iPhones and services like iCloud and iTunes are safe from Heartbleed, but non-Apple software accessed by the phones could pose a threat. About a third of all Android smart phones (4.1.1 Jellybean) may be at risk. More information here.
Sometimes a picture says a thousand words. Check out this cartoon that sums up the far reaching effects of Heartbleed.
For more tips, tricks, tools, and insights for IBM i, i Series, AS/400, and IBM Power Systems, sign up for our blog today.
APR