By now, you have probably heard about “Heartbleed“, a security vulnerability that has affected a majority of the web sites across the Internet, as well as many enterprise software products.
Altair takes computer security very seriously (e.g., PBS Professional is the only EAL3+ security certified HPC workload manager) — so when we found out about Heartbleed, we immediately started a thorough review and analysis of all our products and services to identify any vulnerability points.
We have found that all versions of the following products and services are safe and were never vulnerable to Heartbleed:
• PBS Professional
• PBS Application Services (PAS)
• PBS Analytics
• Compute Manager default configuration, all versions
• Compute Manager Results Visualization (RVS)
• Compute Manager Touch (for iOS)
• Display Manager
• Simulation Manager
• Access Management Service (AMS)
• PBS Desktop
• Altair Licensing (ALMS)
• Altair Connect — our new customer portal that includes an extensive knowledge base
• Altair Online Store — site for buying select Altair software products
• PBS Works User Area — site for downloading PBS software and generating PBS license keys
• HyperWorks On-Demand
• HyperWorks Unlimited
The following products and services have vulnerabilities only under very specific configurations as follows:
• Compute Manager, if specifically configured with “Load Balancing” in versions 12.0.0 through 12.0.3, is vulnerable:
- Load Balancing is an advanced configuration for very large sites that supports hundreds of simultaneous users
– The only affected component is the included Load Balancer service
– Customers with this installation will receive patch notification as soon as it is qualified and released
– If you have used this configuration, Altair recommends upgrading to a later Compute Manager Load Balancing component release, then replacing the SSL keys in use and then changing all the passwords in use within the Compute Manager complex
• Altair Hosted HyperWorks Units (HHWU) service was vulnerable in the past:
– Altair’s HHWU service is now patched and safe
– If you have authorized any machines using the HHWU system, you should log in to Altair Connect and re-authorize those machines
– Note: No customer identifiable information or user passwords are stored in the HHWU system
If you have any questions or concerns, please don’t hesitate to contact your local Altair account manager or email us at firstname.lastname@example.org.
Be safe out there,
Bill Nitzberg, CTO, PBS Works, Altair
PS: For a succinct (and fun) explanation of the Heartbleed bug, I recommend XKCD’s.