News of the moment is the deadly sounding HEARTBLEED SECURITY FLAW
The flaw, dubbed “Heartbleed”, could reveal anything which is currently being processed by a web server – including our sensitive secure information being used inside the site. Heartbleed’s technical name is ‘the CVE-2014-0160 exploit’ which exposes vulnerabilities in the popular OpenSSL server software potentially allowing the memory of SSL/TLS encrypted web servers to be compromised. The bug essentially gives the bad guys the ability to read encrypted information such as usernames, passwords, credit card numbers and any other sensitive data. The bug exists in a piece of open source software called OpenSSL, which is meant to securely encrypt communications between a user’s computer and a web server. But security researchers have no way to prove whether or not the flaw, which has existed since at least March 2012, has been exploited.
Wait – is it only me that noticed it has been around since March 2012? So, this is a big deal, but an old deal. Dont panic just yet!
If you are a user of an IBM i System, the older iSeries or even the legacy AS400 System – don’t worry! You are NOT vulnerable to the Heartbleed bug.
<smug>As if we ever expected a different answer.</smug>
The IBM HTTP Server for IBM i does NOT use OpenSSL for its encryption. IBM i uses its own IBM written encryption code. Power systems utilising PASE do have OpenSSL, but is not leveraged by the HTTP Server. The entire HTTP server is on the ILE side of things.
So it’s — IBM 1 and Bad Guys 0
To learn more about the Heartbleed bug check out Heartbleed.com.
IBM i Software Developer, Digital Dad, AS400 Anarchist, RPG Modernizer, Alpha Nerd and Passionate Eater of Cheese and Biscuits. Nick Litten Dot Com is a mixture of blog posts that can be sometimes serious, frequently playful and probably down-right pointless all in the space of a day. Enjoy your stay, feel free to comment and in the words of the most interesting man in the world: Stay thirsty my friend.
How do we Check for Batch or Interactive in CLLE
Developerworks Connections Sunset – How to Extend RDi
Why use IBM i RDi?
How to Install IBM Access Client Solutions (ACS)
IBM i Data Obfuscation – Making Data Foggy Murky and Squinty
How to rename Fresche (BCD) Presto Library – XL_PRESTO
What is AS400 modernization?
IBM i ACS 5250 EMULATOR FONT – and other ridiculous mumbo jumbo
IBM i SQL statement to convert or compare hundred year date format