Heartbleed: What Blackline Clients Need to Know
Heartbleed, a vulnerability in a widely-used cryptographic software library was revealed to the world this week. This weakness in the OpenSSL library could potentially allow malicious parties to bypass the encryption and privacy measures that many web sites and apps use for sending and receiving data.
Heartbleed and Your Blackline/Loner Portal Account
Blackline GPS has taken measures to correct this weakness across all of its sites and web servers.
More Information About Heartbleed
Heartbleed.com describes the weakness:
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
What You Need to Do
Although Blackline GPS has not detected any malicious activities or exploits of the Heartbleed vulnerability, we highly encourage all of our clients to change their passwords as a routine security measure and best practice. As in all things, we also recommend that you use a cryptographically strong password. You can generate strong passwords using many available tools including LastPass, 1Password, or KeePass 2.