The University Private cloud and the HeartBleed Vulnerability

I’m sure you will have all seen in the media, messages regarding the heart bleed vulnerability in the openssl software used to secure many websites and services across the internet, as well as local announcements from OxCERT and other university IT providers.

The cloud team would like to reassure our customers that all except one component of the cloud service was not vulnerable to this issue. All public facing interfaces, consoles and the underlying infrastructure were not affected. One component, that which provided the edge device gateways for a small number of customers of the virtual datacenter service who have deployed vshield edge devices, was affected. The impact of these however was extremely low, and the appropriate patching and mitigation steps were take as soon as a patch became available from VMware.

If you have any concerns please do not hesitate to contact us (nsms@it.ox.ac.uk)

For an excellent blog post from the information security office see

http://blogs.it.ox.ac.uk/oxcert/2014/04/14/open-heartbleed-surgery/

The local OxCERt bulletin on this can be found at

http://www.oucs.ox.ac.uk/network/security/bulletins/osb2014-054.xml

whilst the VMware documentation on patch availability and product vulnerability can be located at

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2076225

 

Posted in Uncategorized | Leave a comment

Leave a Reply