
Cimpl Blog

Your Weekly Insights on How to Manage your Enterprise Digital Footprint.

Dear Customers: Cimpl not Vulnerable to the Heartbleed Bug

Posted by Henry Cheang | April 11, 2014 5:18 PM

Much ado about a VERY big problem!

The Heartbleed bug made international news this week, and with good reason. But, before we get to the whys and wherefores, it’s important for us to inform you that:

ETELESOLV HAS NEVER BEEN VULNERABLE TO THE HEARTBLEED BUG, AND EVERYTHING THAT YOU HAVE ENTRUSTED TO ETELESOLV HAS BEEN AND REMAINS SAFE FROM THE HEARTBLEED EXPLOIT.

 


You don’t have to change your passwords or other Cimpl-related security information or protocols, because absolutely none of Cimpl’s software, platforms, and technology is built on or depends on Linux-based open source servers – the key vulnerability which the Heartbleed bug exploits.

Vincent Parisien, Cimpl’s Vice-President of Technology, made an unequivocal claim regarding the Heartbleed bug and Cimpl’s security-readiness in this regard: “I want to assure all of our loyal customers that the Heartbleed bug could not have been used against them via any of Cimpl’s products and services. All of our technology is built off Microsoft platforms, and is hence unaffected. That said, because we take security very seriously, we thoroughly tested and inspected all of our operations - by day’s end on April 8 (2014) - and confirmed that none of our platforms were Heartbleed-vulnerable.”

And now, some specifics!

1) What is the Heartbleed bug?

This is a serious vulnerability in the extremely popular OpenSSL cryptographic software library that has been around since December 31, 2011. The Heartbleed bug allows hackers who know the flaw to easily access passwords, sensitive information, and even the encryption keys of target computers. They do so by making use of an erroneously coded handshake (i.e., information exchange action) in OpenSSL called the “heartbeat extension”. Most distressingly, there is no way to know if someone has hacked your machine using the bug because it leaves no trace whatsoever.

2) What is the scope of the problem?

The scope of the problem really becomes clear when you realise that OpenSSL is used by over 2/3 of the internet in encrypting data - Internet security largely runs on OpenSSL! That means over 66% of the data that we thought was safe and private has been open to unwarranted access and tampering for over two years.  The Heartbleed bug was apparently an honest mistake on the part of a coder who was, ironically, trying to improve the security of OpenSSL. That’s immaterial to you, however – the more important thing is to determine whether you’re affected by this bug.

A quick guide on which services need password change

We’ve put together a quick list of affected services and whether or not you should change your password on those services in response to the Heartbleed bug (Sources: Mashable, Globe and Mail, Yahoo News, Vancouver Sun, and BBC News).

However, for a much more comprehensive listing, go to the list of tested sites on github.com – at last check, they had tested over 10,000 sites on April 8 and were re-running their tests. It’s unlikely that all 10,000 sites and services are pertinent to you (but do make sure you check). Here is our list of key services that most people use and whether or not you need to change your password on them!

Passwords that need to be changed

| Name | Vulnerable? | Patched? | Change password? |
|---|---|---|---|
| Amazon | No | No need | Only if shared with vulnerable service |
| Amazon Web Services | Yes | Yes | Yes |
| Apple | Not clear | Not clear | Not clear |
| Canadian Banks (All) | No | No need | No |
| Dropbox | Yes | Unknown | Yes |
| eBay | No | No need | Only if shared with vulnerable service |
| Evernote | No | No need | Only if shared with vulnerable service |
| Facebook | Yes | Yes | Yes |
| Google/Gmail | Yes | Yes | Yes |
| HSBC | No | No need | Only if shared with vulnerable service |
| Instagram | Yes | Unknown | Yes |
| LinkedIn | No | No need | Only if shared with vulnerable service |
| Microsoft/Hotmail/Outlook | No | No need | Only if shared with vulnerable service |
| PayPal | No | No need | Only if shared with vulnerable service |
| Pinterest | Yes | Unknown | Yes |
| Target | No | No need | No |
| Tumblr | Yes | Yes | Yes |
| Twitter | No | No need | Only if shared with vulnerable service |
| Walmart | No | No need | No |
| Yahoo/Yahoo Mail | Yes | Yes | Yes |

So now you know that your Cimpl products are safe from Heartbleed hacks, and we’ve given you enough information to decide for yourself if your workflow (or home computing setup) was vulnerable to compromise. That said, we strongly advise you to continue implementing a password protection policy and other security measures in your organization. And if you don’t have one, the Heartbleed bug should be your wakeup call!

Some final words… 

Now, just imagine: Cimpl’s platforms, including our signature technology and telecom expense management product, Cimpl, were safe against a vulnerability that impacted 66% of the world. What else do we do right? We are constantly refining and improving our product – we’re trying to future-proof our services even as we try to stay ahead of the curve for security issues! By attending our webinar, you get to see just how forward-thinking Cimpl can be!


Topics: Company Culture, Security, Passwords

Written by Henry Cheang

Henry has a lifelong passion for science and technology. This enthusiasm is put to good use in a cutting-edge software company like Cimpl. As product marketer, Henry researches market and user needs to develop user and buyer personas, contributes to product design, and helps coordinate product messaging. Henry also writes nearly the entirety of all documentation for Cimpl’s many successful platforms. In his spare time, Henry devotes much energy to family, friends, and martial arts. Henry recently completed his Master’s in Business and Administration from Concordia University, where he specialized in the study of marketing, organizational behavior, and corporate governance. He has authored academic papers on the latter two subjects; these papers form part of his bibliography of over 20 professional research publications.
