On April 7, 2014, a vulnerability in common OpenSSL implementations was publicly released that allows an attacker to read data from the memory of affected servers. This vulnerability has a worldwide impact upon millions, with common sites such as Yahoo, Google, Facebook, Dropbox, and GoDaddy being reported as potentially affected.
At TJS Deemer Dana, the security of our client information is of utmost importance. Upon public release of the vulnerability, an exhaustive analysis of our information systems infrastructure was performed by our security research team. The results of the investigation showed that no affected services have been exposed at any time since the discovery of the vulnerability. Our team has also verified, either by directly testing or through communication with support services, that our third-party vendors that house client data (for example, those hosting client tax portals) were also not affected by the bug.
We encourage our clients to take appropriate measures to personally reduce their exposure to this extremely dangerous situation. For clients who host, or contract with third parties who host, internet-facing services that may house or transmit sensitive information, we recommend that similar due diligence be performed to identify potentially affected systems and ensure that these systems are patched. We also encourage everyone to take appropriate measures to change passwords on potentially affected systems.
The security team at our subsidiary, IS Audits & Consulting, has posted this helpful article on the impact of this vulnerability upon the public as well as steps to take to mitigate the risk of their data being compromised.