HUB/RIS Responses To Potential Security Threats

Heart Bleed Vulnerability (April 2014)

The “Heart Bleed Bug” was a vulnerability within Open SSL, which is an open source encryption standard used by many websites to transmit user/customer data securely across the web.  As soon as the news broke about the security vulnerability HUB’s IT Security Team and the IT Management began assessing and testing HUB’s potential exposure.  Fortunately, the majority of our websites are on Microsoft technology, which was not impacted by the Heart Bleed Bug.

BASH Shellshock Vulnerability (September 2014)

Corporate IT has confirmed that HUB is not subject to the vulnerabilities from the Bourne-again shell (BASH) system software, also referred to as Shellshock or Bash Bug.  Below is the statement from Corporate IT Security:

“The BASH vulnerability is related to Linux systems, not Windows. FOCUS sits on a Windows environment, therefore we don’t have any vulnerabilities in relation to FOCUS.”

POODLE Vulnerability (October 2014)

POODLE, which stands for Padding Oracle on Downgraded Legacy Encryption, is a security hole discovered in a basic protocol used for encrypting web traffic.  POODLE affects SSLv3 or version 3 of the Secure Sockets Layer protocol, which is used to encrypt traffic between a browser and a web site or between a user’s email client and mail server.

HUB’s Corporate IT has issued a statement saying that the IT Security Team conducted a system assessment and HUB is not vulnerable.