On April 7, an announcement was issued by the OpenSSL project team about a serious security vulnerability (also known as the Heartbleed bug).
We’d like to inform you that all transactions on Novell & Novell Counseling’s SSL-secured information pages have been identified to be safe; your information has remained private.
For a deeper explanation regarding this issue, read on:
The Heartbleed vulnerability is a software bug in the popular OpenSSL software library, which is used on many sites and services on the Internet to provide a secure connection between your computer and the remote end (e. g. web servers, mail servers, Cloud Storage, etc.). Heartbleed exploits this programming bug and compromises the integrity of the sensitive data that is secured via these SSL tunnels by leaking random blocks of memory to a potential attacker. The leaked blocks can reveal sensitive information (e. g. personal information, credit card information, passwords, or private keys of your SSL certificates) to the potential attacker.
The software bug is present in specific versions of OpenSSL. It was introduced on March 14, 2012 and was effectively fixed on April 7, 2014. Since the bug was present in the OpenSSL library for almost two years, affected systems could have leaked sensitive information to potential attackers who were aware of the bug beforehand.
Novell & Novell Counseling takes the security and privacy of your information very seriously, and chose not to use the compromised OpenSSL technology to protect the secure forms and information pages. As such, all of Novell & Novell’s SSL-secured services have been identified to be safe.
What does this mean for you?
This means that at no time has Novell & Novell’s customers or visitors been exposed to having any possibly sensitive information leaked to potential attackers – even if these attackers were aware of the Heartbleed bug before the official announcement from the OpenSSL team. Your information has remained private and safe.