Usually Stratodesk systems are not affected by the typical security issues of the major desktop and server operating systems. Also, NoTouch OS is safe from the Heartbleed bug, our used OpenSSL variant in the client OS is not vulnerable. Also, our management virtual appliance that is based on Ubuntu 12.04 LTS, has a setting to Ubuntu security updates automatically and it should already be patched. However, if your virtual appliance does not have Internet access, it can not download the patches, so we advise you to update your virtual appliance.
What is the “Heartbleed” bug?
A bug in the widely used OpenSSL library, notably in the “SSL heartbeat” implementation – hence the name – can lead to exposing the private key. This bug is worse than Apple’s recent “goto fail” problem. Security experts call compare it to a nuclear meltdown. Just now it is finding its way into mainstream media, so chances are high you will hear about it today or tomorrow in evening news or papers.
See here for more information: Heartbleed Discovery website
Please see here for Bruce Schneier’s opinion, he is known worldwide as an independent security expert and author: Bruce Schneier on Heartbleed
Who is – from a Stratodesk perspective – affected?
If you are running our management virtual appliance – since it is based on Ubuntu 12.04 LTS – you are potentially affected. Ubuntu has provided fixes and the virtual appliance is supposed to automatically download Ubuntu security updates, provided you have Internet connectivity.
Please see the section on “Underlying operating system updates” in Updating the Virtual Appliance (Stratodesk Knowledge Base).
Do I need to act on my NoTouch endpoints (PCs/TCs)?
No. These are not affected.