NCRA vendors’ response to Heartbleed

NCRA has contacted our vendors to check on their online security. Our previous post on Heartbleed is here. Here are the responses so far:

Advantage Software:

Advantage Software has confirmed that Heartbleed is not a threat to its website. The connect.eclipsecat.com server that handles keyless licenses, shared documents, and realtime sessions likewise is not vulnerable since Advantage does not use the feature of OpenSSL that includes the Heartbleed vulnerability.

Depobook:

DepobookProducts.com and Depobook.com websites are safe and secure.  According to the company, their servers were not running the vulnerable version of OpenSSL.

LiveDeposition:

LiveDeposition.com reports that its website is secure.

Martel:

Level 1 PCI compliance protects Martel store from hackers. Martel store transactions are automatically PCI compliant, and its entire network is independently audited against stringent PCI security standards every three months. Martel is on the lists of PCI-compliant providers for both Visa and MasterCard.

OMTI/ReporterBase:

Both omti.com and its customer portal (support.omti.com) are secure and safe from the Heartbleed bug. In addition, and of particular interest to ReporterBase users who have RB Web subscriptions, the RBWeb servers are not run on Apache and nginx servers; therefore, the website will not be affected by the bug. RB Web uses SSL but not OpenSSL, which is where the bug is present.

Pengad:

Pengad’s servers were patched within a few hours of the vulnerability being announced, according to the company. The large majority of the company’s servers were not vulnerable to this attack, as they run versions of the OpenSSL software that did not have the Heartbleed bug in them. Pengad’s main website, www.pengad.com, is patched and up to date.

ProCAT:

ProCAT.com and MyProCAT.com do not use the OpenSSL that is affected with the Heartbleed vulnerability.

RPM:

RPM’s servers were not affected by the Heartbleed bug.

StenEd:

StenEd was not affected by the Heartbleed defect.

Stenograph:

Stenograph confirms that there are no security concerns for anyone shopping on the Stenograph site. We do not use Open SSL as the method to secure personal or financial information, so our websites are not (and were never) at risk from Heartbleed.

Stenovations:

Stenovations’ websites were not affected by the Heartbleed bug. Stenovations uses PayPal, which was not affected, as its payment processor. They also include this list of tips for Internet security:

  • Make sure each website has a unique, difficult to guess password.
  • If a website offers “Two-Factor Authentication”, turn it on.
  • Install updates for your computer and applications when they become available.
  • If required, use a secure password manager such as LastPass or KeyPass.
  • A longer password that you can remember is often better than a shorter one that you can’t.

StreamText:

StreamText.Net was not affected by the defect.

YesLaw:

YesLaw and YesLaw Online servers were not affected by the Heartbleed defect.

 

This page will be updated as new information comes in.