This week, a nasty new security risk came to light online. The Heartbleed Bug is, according to heartbleed.com, "a serious vulnerability in the popular OpenSSL cryptographic software library."
Simply put, the Heartbleed bug makes it possible for anyone on the Internet to exploit a security flaw to read the memory of systems using the vulnerable versions of OpenSSL software. The result: compromised security keys, usernames and passwords.
The flaw, dubbed "Heartbleed", could reveal anything which is currently being processed by a web server – including usernames, passwords and cryptographic keys being used inside the site. Those at risk include Deutsche Bank, Yahoo and its subsidiary sites Flickr and Tumblr, photo-sharing site Imgur, and the FBI. -The Guardian.com
But don't fear, Profound Logic customers! There is some good news. Our products, including Profound UI, run under the IBM HTTP Server for i, which does NOT use OpenSSL at all. SSL is implemented by IBM-provided encryption code. That being the case, the Heartbleed Bug is not a concern for Profound UI.
That's right: the ever-reliable IBM i system (including legacy iSeries and AS/400) is safe from the Heartbleed threat. Nick Litten goes into more detail on his blog:
The IBM HTTP Server for IBM i does NOT use OpenSSL for its encryption. IBM uses its own IBM written encryption code. Power systems that use PASE do have Open SSL, but is not leveraged by the HTTP Server. The entire HTTP server is on the ILE side of things. - NickLitten.com
For more information about the Heartbleed bug and tips on how to protect your data, visit: