
AppNeta Security Update: Heartbleed

This week, a vulnerability in OpenSSL named “Heartbleed” was disclosed. This post is an update documenting our internal investigation of possible customer exposure and the steps we’ve taken to ensure that customer data is secure and private.

About Heartbleed:

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.

More information: http://heartbleed.com/

AppNeta Service Status

Below are details on the steps being taken to ensure this issue is addressed in each of the AppNeta services.

TraceView

TraceView’s data collection system is not SSL-based (using SSH private keys) and thus has never been vulnerable to SSL attacks like Heartbleed. All data collected by our systems was transmitted securely.

The TraceView web console is served over SSL via Amazon’s Elastic Load Balancer. Amazon has already applied updates which address the software issue. Additionally, AppNeta will be updating the SSL certificates used for TraceView within the next 24 to 48 hours. We encourage TraceView users to update their passwords as soon as possible.

For Heroku users, we have updated the SSO token to ensure secure login via the Heroku dashboard.

PathView, AppView and FlowView

All service components used within the PathView, AppView and FlowView service architectures are being upgraded out of an abundance of caution. This upgrade will be completed in the next 24 to 48 hours and will require a service restart, resulting in a short period of time during which you cannot log into the PathView service. All data collected by AppNeta appliances will be cached automatically and uploaded immediately upon the completion of that upgrade, so no data will be lost.

AppNeta network monitoring appliances, including web monitors, will be upgraded as part of this security upgrade. All customer appliance maintenance plans will be followed, and customers can define how and when their appliances are upgraded by following the steps described here. AppView Monitors will be upgraded automatically, but this process will result in a 10 to 15 minute period during which scripted transactions are not executed.