BrightSign and the Heartbleed Vulnerability
This statement is related to the recent Heartbleed vulnerability with OpenSSL and its potential effect on BrightSign products.
BrightSign Players
BrightSign players do not use OpenSSL to communicate with the BrightSign Network (or remote web servers if set up for Simple File Networking), nor do they use OpenSSL to retrieve HTML resources from remote locations. Therefore, the players themselves were at no time vulnerable to attacks.
BrightSign Network
Several of the BrightSign Network servers use OpenSSL to communicate with players, BrightAuthor, and web browsers (via the WebUI). All servers were patched, fixing the OpenSSL vulnerability, by the end of Saturday, April 12th (PDT).
If you have sensitive information on your BrightSign Network account, we recommend changing your account password (by logging in to the BrightSign Network, clicking on the Account tab, and entering information into the Password Reset fields).
5 Comments