If you are a Linoma Software customer using any of our products such as the GoAnywhere suite (Director, Services, Gateway, Open PGP Studio), Crypto Complete, Surveyor/400 or the RPG Toolbox, we are pleased to report that our products are NOT vulnerable to the Heartbleed bug.
The CVE-2014-0160 exploit, or Heartbleed bug, has made big headlines over the last 48 hours. The Heartbleed bug exploits vulnerabilities in the popular OpenSSL server software potentially allowing the memory of SSL/TLS encrypted systems to be compromised. The bug essentially allows access to the memory of the SSL/TLS protected systems and attackers can potentially steal and read formerly encrypted information such as usernames and passwords, credit card numbers and other sensitive data. To learn more about the Heartbleed bug please visit Heartbleed.com. Additional resources allow you to check and see if your website or server is affected by the Heartbleed bug: Heartbleed Test and LastPass Heartbleed Checker.
GoAnywhere Suite (Director, Services, Gateway, Open PGP Studio)
GoAnywhere does not use native libraries for SSL/TLS and relies on the JSSE libraries of the JVM that GoAnywhere is running on. This exploit does not exist in the JSSE implementation of SSL/TLS. While Tomcat does, however, have the ability to utilize native SSL/TLS capabilities for its HTTP/S connections with the APR Connectors, GoAnywhere does not employ this functionality.
GoAnywhere Secure File Transfer mobile apps:
For Apple devices: The GoAnywhere Apple app uses the Secure Transport implementation of SSL/TLS and is not affected by Heartbleed.
For Android devices: The GoAnywhere Android app uses the JSSE implementation of SSL/TLS and is not affected by Heartbleed.
Surveyor/400 does not use native libraries for SSL/TLS and relies on the JSSE libraries of the JVM that Surveyor/400 is running on. This exploit does not exist in the JSSE implementation of SSL/TLS.
Crypto Complete does not use SSL/TLS for Field or Backup encryption and is not affected by Heartbleed.
RPG Toolbox: Our RPG toolbox does not use any encryption and is not affected by Heartbleed.
Crypto Complete™, one of the most popular encryption solutions for the IBM i, just took things to a whole new level. Version 3.3 now allows users to automatically encrypt files stored on the Integrated File System (IFS).
“We don’t think there is any other solution out there that provides this feature,” said Ron Byrd, Senor Engineer for Crypto Complete. “Based on feedback we were getting from our customers, it seemed like the obvious next step for us.”
Version 3.3 can automatically protect the contents of any sensitive IFS files including PDF documents, text files, Excel spreadsheets, binary objects and other graphics files.
Administrators can designate which folders should be encrypted, and from then on, Crypto Complete will automatically encrypt any new files or data as soon as they are added to those targeted IFS folders.
Encrypted files will then automatically decrypt when accessed by specifically authorized users or groups. Tracking who accesses files is carefully logged with detailed audit trails.
Find out more about the newest release of Crypto Complete in this official announcement.
As technology staffs contend with ongoing changes to the data distribution landscape, it is important to keep abreast of data security risks and to understand the significant importance of properly managing customer’s private data.
The Ponemon Institute recently released its annual data breach report which provides stats on data security issues and trends. With more than 277 companies involved and 1400 individuals interviewed, this report provides a current and unique perspective of potential security risks associated with even the smallest data breach.
Below are highlights of the report which indicates data breaches remain a difficult challenge.
- The report identifies three key causes of data breaches worldwide:
- Malicious Attacks – 37%
- Negligence – 35%
- System Errors – 29%
- The average per capita costs of a data breach increased to $136 per capita over the $130 per capita from the previous year.
- The US had the highest total per incident cost of $5,403,644.
- In 2013 the average number of breached records was 23,647
- Healthcare, Financial and Pharmaceutical industries continue to be the top industries with the highest per capita costs incurred.
Ironically, the report noted that organizations that notified victims too soon following a data breach actually incurred higher costs. This is an indication that an incident management plan should be in place to properly mitigate the data breach event.
It’s clear, based on the data in this report, that companies need to look beyond technology solutions that secure systems and communications. It is important that the human factors are considered like employee training and creating an incident management plan to provide a full proof data security strategy.
Take a look at the full 2013 Ponemon Institute Data Breach report for more information on the top reasons that data breaches occurred and ways to decrease the risks and costs associated with them.
For information on how your company can build a better strategy to avoid data breaches, download our free white paper “Defending Against Data Breach: Developing The Right Strategy for Data Encryption.”
Compliance regulations like HIPAA and PCI DSS have us all looking for more efficient and secure ways to keep sensitive data protected, especially the personal information fields we’ve all come to rely on: social security numbers, credit card numbers, birth dates, driver’s license numbers, insurance policy ID numbers, etc.
Fortunately, IBM is working hard to meet the growing demands of companies who must store and share private information and compliance auditors who govern how it must be done. When it released IBM i 7.1, it included a feature for encrypting DB2 form fields to give IT staffs more control.
Surprisingly, not everyone is taking full advantage of these DB2 FieldProcs either because they’re not aware of their benefit, or because they’re waiting for an even more comprehensive approach.
If you fall into either of these groups, then we’ve got good news. The Linoma Software team is hosting a webinar next week to share tips for how to maximize the DB2 FieldProcs feature in IBM i 7.1. In addition, we’ll provide some options that could give your processes even more functionality, making things more efficient.
We invite you to grab some lunch and join us for “IBM i Field Procedures Simplified with DB2 Field Procedures“ on June 13 at noon central. There will be lots of opportunities to ask questions, and we’ll also record the webinar so you can share it with your colleagues.
Hope you’ll be able to join us!