IBM i laughs at the bleeding heart

IBM i

Apr 09

News of the moment is the deadly sounding HEARTBLEED SECURITY FLAW

as400 iseries ibm i is safe from heart bleed virusThe flaw, dubbed “Heartbleed”, could reveal anything which is currently being processed by a web server – including our sensitive secure information being used inside the site. Heartbleed’s technical name is ‘the CVE-2014-0160 exploit’ which exposes vulnerabilities in the popular OpenSSL server software potentially allowing the memory of SSL/TLS encrypted web servers to be compromised. The bug essentially gives the bad guys the ability to read encrypted information such as usernames, passwords, credit card numbers and any other sensitive data. The bug exists in a piece of open source software called OpenSSL, which is meant to securely encrypt communications between a user’s computer and a web server. But security researchers have no way to prove whether or not the flaw, which has existed since at least March 2012, has been exploited.

Wait – is it only me that noticed it has been around since March 2012? So, this is a big deal, but an old deal. Dont panic just yet!

Is IBM i Safe from this security exploit?

ibm i server safeIf you are a user of an IBM i System, the older iSeries or even the legacy AS400 System – don’t worry! You are NOT vulnerable to the Heartbleed bug.

<smug>As if we ever expected a different answer.</smug>

The IBM HTTP Server for IBM i does NOT use OpenSSL for its encryption. IBM i uses its own IBM written encryption code. Power systems utilising PASE do have OpenSSL, but is not leveraged by the HTTP Server. The entire HTTP server is on the ILE side of things.

So it’s — IBM 1 and Bad Guys 0

🙂

To learn more about the Heartbleed bug check out Heartbleed.com.

Follow

About the Author

IBM i Software Developer, Digital Dad, AS400 Anarchist, RPG Modernizer, Alpha Nerd and Passionate Eater of Cheese and Biscuits. Nick Litten Dot Com is a mixture of blog posts that can be sometimes serious, frequently playful and probably down-right pointless all in the space of a day. Enjoy your stay, feel free to comment and in the words of the most interesting man in the world: Stay thirsty my friend.