Wednesday, April 23rd 2014

Thecus Unaffected by Heartbleed

While Thecus NAS do make use of OpenSSL, the specific branches adopted by Thecus's software development team are in fact entirely unaffected by Heartbleed (as it only affects versions 1.0.1 through 1.0.1f). So when the news about Heartbleed broke, Thecus developers quickly established that Thecus devices were never vulnerable to malformed heartbeat requests.

Given the importance of confirming system vulnerability, a number of media outlets have reached out to Thecus support staff. In France, Stéphane Guérithault spoke to Next Inpact and confirmed that ThecusOS5 and OS6 were unaffected but that additional apps were being revised and updated by their respective developers so that Heartbleed fixes would be swiftly implemented.
The Past Secured, the Future Ensured
With a number of other hardware manufacturers rushing to release new firmware, reports have started to emerge suggesting that, since the Heartbleed vulnerability was accidentally introduced in March 2012, a number of parties have grown aware of and exploited the loophole. What this means is that Thecus NAS have been some of the few devices fully immune to such intrusions over the past two years.

So as networks worldwide recover from potential intrusions, Thecus users can trust that the insight and expertise that protected their NAS from the Heartbleed bug are still hard at work designing the next generation of advanced hardware and software. Because with Thecus, come rain, shine, or missing bounds checks, your data will remain safe.
Add your own comment

3 Comments on Thecus Unaffected by Heartbleed

Resident Wat-man
People don't seem to realize that you need the heartbeat extension installed for the bug for be present on non-patched systems and IIRC it's not enabled by default. So really, this bug impacts next to nobody except businesses who use heartbeat.
Posted on Reply
Easy Rhino
Linux Advocate
We need a press release for this on TPU?
Posted on Reply
Easy Rhino said:
We need a press release for this on TPU?
It's social marketing... I've seen individual sales websites claiming they are not affacted by heartbleed, blah, blah, blah. Maybe that makes some folks feel more comfortable but it's not like heatbleed is the only malicious software out there, it just happen to affect SSL which is not the end all or be all of digital security.
Posted on Reply