Email not displaying correctly? View it in your browser: https://us2.campaign-archive.com/?e=[UNIQID]&u=84638d120599c4461b514e1a0&id=a6c31f3ba3
From the editors virtual desk
News of the week, have you been affected by Heartbleed? This seems to be the only thing on everyones mind right now, even some of my completely non techie friends have been asking me. So what is this all about Neil, I am worried about it and how it affects me. Its amazing how much interest there is in this issue and so there should be it is very serious. There has been some interesting advice from the paranoid, do not use the internet anymore or until everything is patched, however I have taken a different approach. Firstly as a techie I know that software isn’t perfect, lets face it what is. So for my entire online life which spans over 2 decades I have tarn a proactive approach, rather than being too cautions understand the risks and managing them accordingly. I use a proper password management service and try and ensure that all of my accounts have unique and as complex as they will allow passwords. This limits the attack surface of any potential hacker as we know as it means that he will not gain access to any other system based off a single system hack.
So what do I tell my customers. Well firstly they should not panic. I work with all of my customers to ensure that their systems are in good shape and adequately up to date with patches specifically security patches. As organisation do, we discuss security on a regular basis and their defence in depth approach is always looked at to ensure it is capable and adequate. When an issue such as this arises we ascertain the potential products that are at risk and then ascertain the risk level. Based on that we come up with an action plan which would take into account many factors including how important the system is, can we take it offline and many other things.
So the key is preparation, planning and above all do not have a knee jerk reaction, take a good look at the issue and analyse it with the correct intent for your organisations assets and provide recommendations based on that.
Our official KB for this issue is reflected here and I suggest that you have a look at the affected products and discuss how this may relate to your individual organisations circumstances and adopt a security posture to this issue accordingly.
VMware Response to OpenSSL security issue CVE-2014-0160/CVE-2014-0346 a.k.a: "Heartbleed" (2076225)
Have a great week everyone.
Senior Technical Account Manager
Local Training Classes