This page (https://support.globus.org/entries/50667608) has been updated with new information and recommendations regarding GT and Heartbleed. In particular, we have determined that while the Globus Toolkit services do not appear to be vulnerable to a stock Heartbleed exploit, we have determined they would be vulnerable to customized versions of Heartbleed.
We highly recommend you update OpenSSL on all systems running Globus Toolkit services, to prevent future exploits using a customized version of Heartbleed. If you are concerned about potential past customized exploits, you should also get new host certificates. -Steve On Apr 8, 2014, at 10:03 PM, Steve Tuecke <[email protected]> wrote: > We have reviewed all Globus services and Globus Toolkit components to > determine the impact of the OpenSSL vulnerability described in CVE-2014-0160 > (also known as the Heartbleed bug). We have created a page with a list of our > analysis and actions we have taken, as well as precautions that end users and > resource providers can take to ensure the security of their systems. > > https://support.globus.org/entries/50667608 > > This page will be updated as we learn more. > > -Steve
