Esri Issues Help to Fight Heartbleed Bug in ArcGIS Products

April 15, 2014  - By

heartbleedEsri has issued guidelines for users to protect themselve against the Heartbleed Bug, officially named OpenSSL Vulnerability CVE-2014-0160 (Heartbleed).

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

Some 17 percent (around half a million) of the Internet’s secure web servers certified by trusted authorities were believed to be vulnerable to the attack, allowing theft of the servers’ private keys and users’ session cookies and passwords.

Since learning about the vulnerability, Esri staff have been performing maintenance to validate, secure, and patch Esri servers and infrastructure to close this vulnerability and ensure Esri customers are protected.

Esri suggests its customers read its Knowledge Base Technical Article to determine the action required for their particular ArcGIS products and services. As an extra precaution, users may want to change their passwords.

This article is tagged with , , and posted in GIS News, GIS Software, Mobile Devices

About the Author: Tracy Cozzens

Senior Editor Tracy Cozzens joined GPS World magazine in 2006. She also is editor of GPS World’s newsletters and the sister website Geospatial Solutions. She has worked in government, for non-profits, and in corporate communications, editing a variety of publications for audiences ranging from federal government contractors to teachers.