The Heartbleed Bug

The Heartbleed Bug

posted in Cyber-Security ● 14 Aug 2018

You are probably aware of the news report this week (8th April 2014) highlighting a serious flaw with OpenSSL which could potentially have a serious impact on some web-based services.

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). For more information visit https://heartbleed.com/

Redstor are taking this matter extremely seriously and have performed extensive testing of all our internal and external services for the vulnerability.

We are happy to confirm that Redstor backup and storage services have not been affected by the Heartbleed vulnerability as they are not reliant on OpenSSL Protocol communications. Furthermore, all customer data stored on Redstor’s backup platforms is protected by AES (Advanced Encryption Standards) and remains secure against known vulnerabilities.

As a number of Redstor’s key services rely on load balancing technologies, we have also established and can confirm there is no susceptibility to any attacks on the load balancers directly.

For users of our remote device managment software, CentraStage have released a statement regarding this issue which can be found here: https://community.centrastage.com/centrastage/topics/centrastage_statement_on_heartbleed?utm_source=notification&utm_medium=email&utm_campaign=new_topic&utm_content=topic_link

In summary, CentraStage have advised end users to change passwords with immediate effect.

Whilst all data stored by Redstor is encrypted with a minimum of 128-bit AES, we have proactively been in dialogue with our software distributors and service providers to ensure our systems are fully protected against known vulnerabilities and security threats.

Redstor would like to take this opportunity to remind all our customers to follow best security practice, which includes securely storing encryption keys and passwords. Redstor would also like to remind you that Redstor never want to know or need to know any of your encryption keys.  This information should also never be disclosed to third parties. Customers have sole ownership of their encryption keys.

Redstor’s range of secure and encrypted cloud services are already protecting the data of over 10,000 organisations across the UK. Redstor’s Online Backup service ensures data is safely backed up offsite in an encrypted format. Our cloud sync and share service, Centrastor, enables organisations to store and share files securely online from any device with an Internet connection and our CentraStage service enables support providers to guarantee that devices they support are regularly audited, patched and safely up-to-date for effective endpoint management. Our Virtual Disaster Recovery service guarantees to have your systems up and running within minutes following a disaster. To find out more about our services and how we can help you comply with data protection laws and prevent data leakage, please contact us either by giving us a ring on 01189 515 200 or emailing [email protected].

O365 cyber attacks stress need for isolated backup

Johannesburg, 17 December 2019 – Office 365 is a prime target for cyber criminals – and it’s not difficult to understand why when Microsoft announced this year that it has more than 180m active commercial users every month.

Continue reading

Game-changing pricing for O365 protection

Johannesburg, 24 October 2019 – Redstor, the company disrupting the world of data management, will demonstrate at the Gartner IT Symposium/Xpo™ in Barcelona how a pioneering technology developed in South Africa slashes the cost of Office 365 protection.

Continue reading

How rugby and IT bosses win with data analysis

Whether it’s Rassie Erasmus, Steve Hansen, Warren Gatland or Eddie Jones devising a Rugby World Cup masterplan or an IT boss striving to provide his multi-million-pound organisation with a competitive edge, many of their decisions will be informed by data analysis.

Continue reading