ANN ARBOR, Mich. – The Heartbleed Bug has made waves recently, being touted by some as one of the biggest security threats in the history of the modern Internet. Heartbleed is a serious vulnerability in the popular OpenSSL cryptographic software that runs on nearly two-thirds of the web.
The bug affected many popular websites and services, including social media and email, and could have quietly exposed sensitive account information–such as passwords and credit card numbers–over the past two years.
The OpenSSL Project issued a Security Advisory on April 7, 2014. Later that day, a new OpenSSL 1.0.1g was made available that included bug and security fixes.
Merit identified that the Heartbleed vulnerability affected the MeritMail Collaboration Suite (powered by Zimbra). Because OpenSSL is embedded in the Zimbra code, Merit employed a specific patch Zimbra created specially to address the Heartbleed Bug. Upon receiving the patch from Zimbra, Merit’s IT Team first evaluated it in our test environment to ensure its viability and then quickly deployed the fix to our Membership once it was deemed safe.
Merit’s IT Team then used a utility to audit other systems to determine any vulnerability, applying patches to any potentially impacted systems. A follow up audit was then performed to confirm that the patches were effective.
At Merit, we take the security of our Member Services very seriously. We will continue to place the utmost importance on ensuring our services and systems are protected and that we respond to cyber-threats in a timely manner.
If you have any questions about the Heartbleed Bug, the Zimbra patch for the MeritMail Collaboration Suite or other items related to security at Merit, please contact your Member Relations Manager.