Recently, a vulnerability was disclosed regarding the SSL cryptographic protocols designed to provide communications security over a computer network. This new vulnerability is called DROWN. The effect of this vulnerability is that an attacker could crack the TLS security of a targeted system. You can learn more about this attack here. This note describes Electra’s response to this problem.
The areas of investigation for remediation for Electra clients are externally facing systems and internal systems.
For externally facing systems Electra has disabled the one system which had this vulnerability. This resulted in all systems being clear of SSL v2 support and leaves no more externally available exploits.
For internal systems, no changes were needed.
We take the responsibility of keeping your information protected very seriously at Electra Information Systems. We would like to assure you that with regards to the DROWN exploit:
1. Your account is secure
2. Your account details were not exposed in the past and will remain secure
3. You do not need to take any additional action to safeguard your information
4. There is no need to change your password
5. All servers have been patched to avoid other potential exploits of this bug