By Jared Davison – Chief Information Officer, Medical-Objects Pty Ltd
Medical-Objects has completed a review to determine whether it is affected by the recently announced OpenSSL “Heartbleed” vulnerability. We are pleased to report that our systems and software are not affected, and our customers can be assured that Medical-Objects is safe and secure.
Medical-Objects would like to advise our customers that the software which we supply does not use OpenSSL for implementing its Transport Layer Security (TLS) protocol security features.
Medical-Objects recommends that customers review other software used within their businesses to determine whether OpenSSL TLS is enabled by any other software systems in use. A list of common OpenSSL applications is available on the following OpenSSL site:
http://www.openssl.org/related/apps.html
Possibly the most commonly affected applications are the Apache and nginx web servers.
The OpenSSL security issue enables an attacker to obtain private secret key material, which can be used to decrypt past, present and future encrypted data, as well as to impersonate the owner of the key. Key replacement is advised if affected.
Only OpenSSL releases after 14 March 2012 are affected, i.e. OpenSSL 1.0.1 – 1.0.1f.
Please see the following website for more detailed analysis and resolution advice. http://heartbleed.com/