News of the moment is the deadly-sounding HEARTBLEED SECURITY FLAW
The flaw, dubbed “Heartbleed”, could reveal anything that is currently being processed by a web server – including our sensitive secure information being used inside the site. Heartbleed is tracked as CVE-2014-0160. It is a vulnerability in a popular piece of open source software called OpenSSL, which is meant to securely encrypt communications between a user’s computer and a web server, and it potentially allows the memory of SSL/TLS encrypted web servers to be compromised. The bug essentially gives the bad guys the ability to read information that the encryption is supposed to protect, such as usernames, passwords, credit card numbers and any other sensitive data. Security researchers, however, have no way to prove whether or not the flaw, which has existed since at least March 2012, has been exploited.
Wait – is it only me that noticed it has been around since March 2012? So, this is a big deal, but an old deal. Don’t panic just yet!
Is IBM i Safe from this security exploit?
If you are a user of an IBM i System, the older iSeries or even the legacy AS400 System – don’t worry! You are NOT vulnerable to the Heartbleed bug.
<smug>As if we ever expected a different answer.</smug>
The IBM HTTP Server for IBM i does NOT use OpenSSL for its encryption. IBM i uses its own IBM-written encryption code. Power systems utilising PASE do have OpenSSL, but it is not leveraged by the HTTP Server. The entire HTTP server is on the ILE side of things.
So it’s — IBM 1 and Bad Guys 0
🙂
To learn more about the Heartbleed bug, check out Heartbleed.com.