Heartbleed and iGaming

During the week of April 7th, a serious vulnerability impacting OpenSSL was made public. Rather than going into the technical details of the vulnerability, it is better to point directly to the source. Shortly after the vulnerability was disclosed, many tools were released to detect it, exploit it, or both. All the major vulnerability scanning tools, including Nessus, now have signatures that you can use to see if you are vulnerable. I noted that some of our customers were impacted by this issue and notified them, and they took steps to mitigate the problem.

It just so happened that the week this issue was released I was in Atlantic City performing iGaming testing for one of our clients (no, they were not vulnerable). It made me curious, and I briefly looked at the rest of the sites in New Jersey. On April 8th, only one site in New Jersey was vulnerable to the Heartbleed issue. As of today, no sites in either New Jersey or Nevada appear to be vulnerable. A note on this survey: only the primary site was reviewed (most iGaming sites are made up of numerous servers), and the tool used to test the sites was a Firefox plugin that passively examines the server. Qualys SSL Labs is another good tool that you can use to detect this vulnerability, along with other SSL problems.

If you are an iGaming operator (or any organization), you should examine all of your sites to verify that they are not vulnerable to this serious issue.