Business Intelligence Experts

Diver BI Group News Heartbleed and your BI Implementation

Heartbleed and your BI Implementation

There’s been a lot in the news over the past week about the “Heartbleed” bug, and it has caused a lot of anxiety about whether passwords and personal information are at risk.

Heartbleed is a bug in OpenSSL 1.0.1 and 1.0.2 beta dealing with support of the TLS Heartbeat extension. This bug, which has caused information to leak from an Internet server, has been estimated to affect up to two-thirds of web servers. It allows information from server memory to leak to an attacker, possibly compromising server keys, passwords and other valuable information. Since OpenSSL is a widely-used encryption library, it has affected major Internet providers such as Google, Yahoo, Facebook, and many more. It has been confirmed that the vulnerability has been in place and available for hackers to exploit for an unknown amount of time (up to two years).

keyboard

Before you start changing all your passwords, it’s important to know how different companies are addressing the issue. If a company’s server is at risk, but it hasn’t patched the site yet, a password change won’t be useful until the patch is applied.

Our Response at Dimensional Insight

Upon hearing about the issue, the Dimensional Insight operations team, which runs our InterReport BI Software-as-a-Service (SaaS) hosted deployments and other infrastructure, immediately reviewed our servers and determined that we are not running the affected version of OpenSSL on any of our servers. We also identified that DivePort running on a regular Tomcat web server would not use OpenSSL, and that encrypted DiveLine is not affected by the bug.

The only configuration of our software that we identified that may be an issue would be a Tomcat configured to use the “Tomcat Native Connector”. This is not the default option for Tomcat, and requires some configuration to work properly. Installations performed by Dimensional Insight Customer Support would not be using this feature. It would also depend on which version of OpenSSL is in use on the system.

Customers with questions about Heartbleed or any other security issues should feel free to contact Dimensional Insight Customer Support. We will continue to ensure that our software and services are protected.

In addition, now is a good time to remind your users about good security practices. Use strong passwords, do not reuse the same password for multiple Internet services, install security updates, and be careful about opening (and especially running!) attachments in emails.

Post by Stan Zanarotti

Stan Zanarotti cofounded Dimensional Insight with Fred Powers in 1989, and he is currently CTO of the company. Stan’s programming expertise allowed for the development of what would become Dimensional Insight’s fully integrated, end-to-end enterprise business intelligence platform. Stan currently holds patents on the technology utilized in Dimensional Insight’s solution set. He received his undergraduate degree in Mathematics from Virginia Polytechnic Institute and his Masters in Computer Science at the Massachusetts Institute of Technology.

Dynamic Business Informatics Ltd

Distributors of The Diver Solution & Diver Platform, providing business consultancy services, products and applications derived from the Diver Solution & Diver Platform.
14 Mellifont Avenue
Dun Laoghaire
Co. Dublin

+353 1 2302022

10 Kenyon Street
Nenagh
Co Tipperary

+353 67 43309

Contact Us

We would love to hear from you! Please submit your query and we will get in touch with you shortly.

Email addresses are never sold, rented, or shared. See our Privacy Policy.

  • This field is for validation purposes and should be left unchanged.

Accolades