Dear Valued Agile Ticketing Client:
Agile Ticketing Solutions is aware of the recent security vulnerability known as “Heartbleed”. Heartbleed allows attackers to read the memory of systems using vulnerable versions of OpenSSL library (1.0.1 through 1.0.1f); possibly disclosing secret keys, usernames, passwords and other data stored in the server’s memory.
Our main server infrastructure does not rely on OpenSSL and is not susceptible to this vulnerability. We do run an IDPS/WAF (Intrusion Detection Prevention System / Web Application Firewall) network monitoring device that inspects and logs all traffic for PCI compliance. I do know that this device utilizes OpenSSL for SSL/TLS communication and packet inspection. This vendor has verified that we run on an FIPS (Federal Information Processing Standards) version of OpenSSL that has not implemented the SSL heartbeat options that were vulnerable. I am very confident that we do not have any issues related to this vulnerability.
Just to be clear, Agile Ticketing Solutions’ core data, partner data or end-user’s data was not breached by this security vulnerability nor was there an issue with the security certificates issued by our SSL/TLS partner.
If you have questions or concerns regarding Heartbleed or any other security related inquiries, please email email@example.com and a member of our technology team will provide you with additional resources on this matter. You may also want to check out www.heartbleed.com.
Thank you for your attention,
Richard Steward, CEO
Agile Ticketing Solutions