If you are a Linoma Software customer using any of our products such as the GoAnywhere suite (Director, Services, Gateway, Open PGP Studio), Crypto Complete, Surveyor/400 or the RPG Toolbox, we are pleased to report that our products are NOT vulnerable to the Heartbleed bug.
The CVE-2014-0160 exploit, or Heartbleed bug, has made big headlines over the last 48 hours. The Heartbleed bug exploits vulnerabilities in the popular OpenSSL server software potentially allowing the memory of SSL/TLS encrypted systems to be compromised. The bug essentially allows access to the memory of the SSL/TLS protected systems and attackers can potentially steal and read formerly encrypted information such as usernames and passwords, credit card numbers and other sensitive data. To learn more about the Heartbleed bug please visit Heartbleed.com. Additional resources allow you to check and see if your website or server is affected by the Heartbleed bug: Heartbleed Test and LastPass Heartbleed Checker.
GoAnywhere Suite (Director, Services, Gateway, Open PGP Studio)
GoAnywhere does not use native libraries for SSL/TLS and relies on the JSSE libraries of the JVM that GoAnywhere is running on. This exploit does not exist in the JSSE implementation of SSL/TLS. While Tomcat does, however, have the ability to utilize native SSL/TLS capabilities for its HTTP/S connections with the APR Connectors, GoAnywhere does not employ this functionality.
GoAnywhere Secure File Transfer mobile apps:
For Apple devices: The GoAnywhere Apple app uses the Secure Transport implementation of SSL/TLS and is not affected by Heartbleed.
For Android devices: The GoAnywhere Android app uses the JSSE implementation of SSL/TLS and is not affected by Heartbleed.
Surveyor/400 does not use native libraries for SSL/TLS and relies on the JSSE libraries of the JVM that Surveyor/400 is running on. This exploit does not exist in the JSSE implementation of SSL/TLS.
Crypto Complete does not use SSL/TLS for Field or Backup encryption and is not affected by Heartbleed.
RPG Toolbox: Our RPG toolbox does not use any encryption and is not affected by Heartbleed.
At Linoma Software we understand the importance and challenges of HIPAA compliance. Whether your organization has been compliant with the HIPAA Omnibus Rule for months or it’s still shoring up some compliance gaps, there are likely tips you’ve picked up along the way.
Our partnership with HealthIT Security allows us to bring timely and actionable information to healthcare IT professionals and executives. This HIPAA Best Practices Guide uses expert analysis and industry expertise to focus on exactly what will be expected technically, administratively and policy-wise among HIPAA covered entities and business associates (BAs) during potential audit scenarios.
With the estimated cost of compliance falling around $14.5 million annually, regulated healthcare businesses can’t afford HIPAA non-compliance with PHI.
If you have a regulated healthcare business, learn how the HIPAA Onmibus Rule could affect you and how to protect your company by ensuring your forms, files, policies and procedures are 100% HIPAA compliant.
Click here to download the HIPAA Best Practices Guide today.
As technology staffs contend with ongoing changes to the data distribution landscape, it is important to keep abreast of data security risks and to understand the significant importance of properly managing customer’s private data.
The Ponemon Institute recently released its annual data breach report which provides stats on data security issues and trends. With more than 277 companies involved and 1400 individuals interviewed, this report provides a current and unique perspective of potential security risks associated with even the smallest data breach.
Below are highlights of the report which indicates data breaches remain a difficult challenge.
- The report identifies three key causes of data breaches worldwide:
- Malicious Attacks – 37%
- Negligence – 35%
- System Errors – 29%
- The average per capita costs of a data breach increased to $136 per capita over the $130 per capita from the previous year.
- The US had the highest total per incident cost of $5,403,644.
- In 2013 the average number of breached records was 23,647
- Healthcare, Financial and Pharmaceutical industries continue to be the top industries with the highest per capita costs incurred.
Ironically, the report noted that organizations that notified victims too soon following a data breach actually incurred higher costs. This is an indication that an incident management plan should be in place to properly mitigate the data breach event.
It’s clear, based on the data in this report, that companies need to look beyond technology solutions that secure systems and communications. It is important that the human factors are considered like employee training and creating an incident management plan to provide a full proof data security strategy.
Take a look at the full 2013 Ponemon Institute Data Breach report for more information on the top reasons that data breaches occurred and ways to decrease the risks and costs associated with them.
For information on how your company can build a better strategy to avoid data breaches, download our free white paper “Defending Against Data Breach: Developing The Right Strategy for Data Encryption.”
Don’t miss our upcoming live webinar led by Chief Architect Bob Luebbe!
Get Your FTP Server in Compliance
Thursday, January 31 at Noon Central
With the recently added rules for the Healthcare Insurance Portability and Accountability Act (HIPAA) that now holds trading partners and business associates accountable if they also handle patient data, it’s a good time to review whether your FTP server is updated and ready to meet compliance requirements. Learn how to keep your data as well as trading partner files protected within your network and still allow external access without opening inbound network ports. You can also see a demo of Linoma Software’s GoAnywhere™, a managed file transfer solution that includes a secure FTP server and a reverse proxy DMZ gateway with clustering and load balancing capabilities to ensure high availability.
IBM i Encryption Made Easy with DB2 Field Procedures
Now Available On Demand
During this recorded webinar, you can learn about how to make the DB2 Field Procedures Tool in IBM version 7.1 work even more efficiently as part of a more comprehensive solution, one that makes it easier to implement encryption, manage keys, and generate auditing reports so important for meeting compliance regulations like HIPAA and PCI DSS,. You can also see a demo of Linoma’s popular encryption software Crypto Complete.
All of our webinars are recorded, so if you register and are not able to attend live, you’ll be able to review the webinar at a more convenient time.
We look forward to having you join us and will be happy to answer any questions you have.