Heartbleed — the xTuple Response

Friday, April 11, 2014

Earlier this week, security experts revealed a significant flaw in OpenSSL, a widely used Internet security product. The bug, called Heartbleed, is a vulnerability in systems that use OpenSSL to encrypt information over SSL connections. OpenSSL is used on about two-thirds of the Internet servers in the world, so the impact of this bug is very widespread. The existence of this bug does not mean that any specific private information has in fact been stolen, but it does mean that it could have been stolen. All sites that employ the OpenSSL encryption library must implement a security patch immediately, and perform a number of other security-related updates, to protect against Heartbleed.

xTuple has taken the following actions to update our servers, secure our data, and protect our customers:

  1. The day after the information on Heartbleed was released, xTuple replaced the OpenSSL code on our servers with an updated version that does not contain the bug.
  2. We have revoked and reissued all SSL certificates for our servers, to remove any lingering vulnerability.
  3. We are informing our user community of our actions and recommending that you update your passwords.

What should you do?

This is not fun, we know, but the potential impact of this bug is quite serious and affects thousands of websites around the Internet, including ours. Now that we have updated our SSL certificates, you should update the passwords you use to connect to xTuple sites and services. You should also update any passwords you use to connect to any other Internet service, including Google, Facebook, Amazon, etc., as they all have been affected by this bug.

Want to know more?

If you want to learn more about Heartbleed, read the information posted by Codenomicon, the security firm that first exposed this bug.

BC Wilson

Director Cloud Services