Heartbleed SSL Vulnerability and FileMaker Hosting at ODI

  • Thursday, 10th April, 2014
  • 09:42am

So what is it?

Heartbleed is a security vulnerability in OpenSSL, a popular, open-source protocol used to encrypt vast portions of the web. It's used to protect your usernames, passwords, and sensitive information set on secure websites.

Is my account at ODI affected by this?

FileMaker Server 13 includes a version of OpenSSL which has been identified as being vulnerable to the Heartbleed bug. At this time we are not aware of any tools which could exploit this vulnerability in FileMaker Server 13.

FileMaker Server 12 and prior server versions are not vulnerable to the Heartbleed bug. FileMaker Pro clients (any version) and FileMaker Go clients (any version) are not vulnerable to the Heartbleed bug when used standalone or when networked-peer-to-peer.

We are updating FileMaker Server 13 to replace the installed version of the OpenSSL library.

What about my web hosting account?

In our web hosting environment we do use OpenSSL but we are using an older version which did not have this vulnerability. You should not have any issues with your accounts at ODI.

So what should I be worries about?

Lifehacker, who published a great, plain-language guide to the flaw notes that about 66 percent of the web probably uses OpenSSL to encrypt data. At this point, some sites will be running new, fixed versions of OpenSSL and are already secure. Here is a tool that you can use to test whether a site is vulnerable to this flaw. Our recommendation is to check the websites that you use with this tool and check to see if they are vulnerable. Change your passwords on all accounts AFTER they have patched OpenSSL.

If you have any questions you can always contact technical support at support@oditech.com or by calling 877-735-9299

« Back