Dealing with the OpenSSL Vulnerability
April 08, 2014 | Vas Vasiliadis
By now, almost every system administrator on the planet is aware of the OpenSSL vulnerability (also known as the Heartbleed bug). Since its announcement we've been hard at work reviewing all Globus services and software components to figure out which of them, if any, are vulnerable.
As of this posting we know of no Globus services that were compromised, though exploitation by Heartbleed is undetectable, so caution and remediation is warranted. The systems that we operate that may have been vulnerable to attack are updated, and we're continuing to investigate, in case any other issues arise. We have posted more details in our support forum, including recommended actions for administrators of Globus endpoints, and of Globus Toolkit services. If you are concerned that your system or Globus account may be at risk, please read the post and follow the procedures described. As always, we're available to assist with your questions—please contact our support team.