Is groov vulnerable to Heartbleed?
By now most of us have heard about the Heartbleed bug in OpenSSL. This bug makes it possible to steal information like usernames and passwords that are normally protected by the secure sockets layer (SSL).
It’s a serious issue, and many websites—including this one, groov.com—have already fixed it.
Is my groov project safe?
If you have a groov Box, we’ve released an update that eliminates the vulnerability. The bug affected only groov Admin, but it could allow someone to decrypt communication to both groov Admin and the groov App, thereby exposing login information.
If you have groov Server for Windows, the bug does not directly affect it. BUT you should check other services running on the same PC. If they’re vulnerable, then your groov project security data is potentially vulnerable as well.
What should I do?
First, don’t panic.
Second, see Opto 22 KnowledgeBase article KB83762 for update installation instructions and complete information on affected products.
Third, since the Heartbleed bug affects many websites where you do business—for example, banks, email, retailers—you should determine whether the sites you use were vulnerable and see if they’ve fixed the bug. Then after they’ve fixed the bug, change your password.
- To check any website for Heartbleed vulnerability, you can go to: filippo.io/Heartbleed
- For more details about the Heartbleed bug: http://heartbleed.com/
And remember, if you have questions or problems, we’re always here to help.
Opto 22 Product Support Team
Phone: 800-835-6786 or +1-951-695-3080