Recently, a vulnerability was disclosed regarding a library component that is a core piece of the internet’s building blocks. See http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/ for more details on this issue. The ultimate effect of this problem is that some messages can result in external systems taking unexpected control of other systems by taking advantage of a hole in the DNS processing logic. This note describes Electra’s response to this problem.
The areas of investigation for remediation for Electra clients are externally facing systems and internal systems.
For externally facing systems Electra has applied a patch to the glibc (libc6) library on all Linux systems. This was an important first step because our external systems depend on external DNS servers.
For internal systems, our own DNS service uses BIND9, which is said to be immune to this vulnerability even on systems with the faulty glibc (and glibc has been updated on the DNS servers too, of course).
We take the responsibility of keeping your information protected very seriously at Electra Information Systems. We would like to assure you that with regards to the glibc bug:
1. Your account is secure
2. Your account details were not exposed in the past and will remain secure
3. You do not need to take any additional action to safeguard your information
4. There is no need to change your password
5. All servers have been patched to avoid other potential exploits of this bug