April 2014

How Java™ Could Have Prevented Heartbleed

By | Date posted: April 29, 2014
Heartbleed

OpenSSL continues to cast a shadow over the IT industry’s poor choice of programming languages for developing secure software. Niels Ferguson and Bruce Schneier’s mantra, that using a programming language without protection against buffer overflows is tantamount to criminal negligence, is a continuous reminder of the memory-related security bugs that plague our industry.

Blueprint for Heartbleed and OpenSSL Risk Exposure Prevention

By | Date posted: April 23, 2014

Forum Systems to Showcase API and Cloud Security Gateway at Infosecurity Europe

Forum Systems Inc. will be showcasing Forum Sentry – its industry-leading API and Cloud Security Gateway – next week at Infosecurity Europe 2014. Europe’s biggest free-to-attend information security event, the conference takes place at Earls Court in London from April 29 – May 1. The company’s security experts will be showcasing its products at Stand G87.

Load balancers that use OpenSSL

By | Date posted: April 18, 2014
Heartbleed

A list of market-leading load balancers that use OpenSSL to protect HTTP and FTP traffic includes F5, Citrix, Radware, Riverbed, and Barracuda. Load balancers spread traffic amongst multiple servers and enable high availability for business transactions. They serve as a central conduit for critical business transactions. The load balancer vendors have done a good job in patching their products to prevent the latest OpenSSL vulnerability: Heartbleed.


Forum Systems Exec running Boston Marathon 2014

By | Date posted: April 17, 2014

Boston Marathon 2014 is special.  For many years, this event has been the grand slam of marathons, an elite race for many around the world.  This year, it has changed from a symbol of an individual’s physical strength and endurance to an icon of a community’s emotional connection and camaraderie.  Reflecting this spirit, Forum Systems’ Director of Marketing, Chris Pisarkiewicz, is running the Boston Marathon as a tribute to Boston’s first responders.

Sarah Castanellos, Technology Reporter, Boston Business Journal, published a piece: Why these tech execs and employees are running the Boston Marathon, in their own words

Chris Pisarkiewicz, director of marketing at Newton-based API and cloud gateway technology firm Forum Systems is running his first-ever marathon on Monday along with his fiance.

“This year is special to me because the events that took place last year hit close to home,” he wrote in an email. “Every year my future father-in-law, a Boston fireman, runs the marathon with the Boston Fire Department. Last year, my fiancé and I were two blocks from the finish waiting for him to run by when the bombs went off. It was an experience I’ll never forget and it’s particularly important to me to be running with the BFD as a tribute to first responders.”

 

Heartbleed exposes privates

By | Date posted: April 14, 2014
Heartbleed

This is as serious as it gets. Heartbleed exposes your corporate private keys. Your crown jewels, your keys to the castle... well, you get the idea. Your corporate privates are indeed exposed; they may not have been stolen yet, but they are unequivocally exposed through Heartbleed. It took researchers less than 3 hours to extract private keys from a server as a result of a challenge issued by CloudFlare.


OpenSSL Security Vulnerabilities and other C-based Risks

By | Date posted: April 11, 2014

One of the most significant OpenSSL security vulnerabilities is the latest Heartbleed OpenSSL security flaw (CVE-2014-0160). This OpenSSL security vulnerability is again a re-affirmation that usage of C-based security modules by an enterprise company greatly increases its risk posture. You can be certain that IT security folks out there felt that they were making the right architectural decisions to secure the enterprise. The problem isn’t the intent; the problem is the premise. Wrapping applications in security band-aids is not a sound enterprise risk mitigation strategy. Sure, Apache and OpenSSL are widely available and have been around for a long time, but look where it has led us.
