Prometric Updates Clients and Testing Candidates on Actions to Thwart "Heartbleed" Vulnerability
Technology Audit Verifies Prometric Not Susceptible to Threat
BALTIMORE, MARYLAND, April 11, 2014 — Prometric, trusted as the market-leading test development and delivery solutions provider, has conducted a systems-wide audit and determined its 400 clients and candidates, who take nearly 10 million exams per year, are safeguarded from vulnerabilities associated with the "Heartbleed bug," an encryption affecting specific versions the OpenSSL software library used in many Internet systems to secure data.
"Prometric is NOT susceptible to the Heartbleed vulnerability," reported Paul Forrester, Prometric's Chief Technology Officer. "There is no danger to Prometric clients' or candidates' data because none of Prometric's customer Internet-facing systems are running the vulnerable versions of OpenSSL."
HOW DOES IT WORK?
The Heartbleed vulnerability allows an attacker to read the memory of the systems using vulnerable versions of OpenSSL library (1.0.1 through 1.0.1f) without the need for any known credentials or other authentication. This may disclose the secret keys of vulnerable servers, which allows attackers to decrypt and eavesdrop on SSL encrypted communications. The leaked memory areas could contain a myriad of contents. For this reason there are many attack scenarios for vulnerable systems. In addition, other data in memory may be disclosed, which conceivably could include usernames and passwords of users or other data stored in server memory.
As a precaution and best practice, Prometric's technology and security teams have verified that the company does not use affected versions of OpenSSL and scanned its systems to ensure all client and candidate data are secure. Additionally, by patching and re-keying digital certificates as appropriate wherever non-customer facing systems with the vulnerability were discovered.
"Prometric regularly assesses its technology assets and operations, and we take specific actions for continuous improvement and innovation, to make good on our commitments to excellence," Michael Brannick, President and CEO of Prometric. "Our investments include annual, multi-million dollar capital investments in software applications, security and our people, who develop secure tests, enhance our service capabilities and support every candidate reaching Prometric to meet their testing requirements."
For more information on the Heartbleed vulnerability, visit http://heartbleed.com
Prometric, a wholly-owned subsidiary of ETS, is a trusted and market-leading provider of technology-enabled testing and assessment. Committed to a set of values that get the right test to the right location at the right time and to the right test taker, Prometric supports candidates worldwide who take close to 10 million tests each year. Through innovation, workflow automation and standardization, Prometric advances test development and delivery solutions that are better, faster and at less expense.
Prometric delivers tests flexibly via the Web or by utilizing a robust network of more than 8,000 test centers in more than 160 countries and on behalf of more than 400 clients in the academic, financial, government, healthcare, professional, corporate and information technology markets.
For more information, please visit www.prometric.com.