At TrackVia we have thousands of customers who use us day-in and day-out to manage some of their most mission-critical business applications. The security of TrackVia’s service and of our customers’ data is of utmost importance to us, and we invest a significant amount of time, energy, and resources to ensure that security.
Yesterday morning (September 24, 2014), a widespread critical vulnerability was announced and is currently labeled CVE-2014-6271 (now becoming commonly known as “Shellshock.”) This vulnerability potentially impacts nearly any Internet-based service as the attack vector is in bash, the shell present in all flavors of Linux.
TrackVia’s 24/7 Operations team responded immediately to the announcement and had patched all production systems by the end of the day. We continue to coordinate with our data center vendors as they update their underlying infrastructure as well. Further analysis of the vulnerability makes us confident that an attack against TrackVia would not have been possible in the few hours between announcement and completion of our update process. However, we can now report that TrackVia is fully updated and no longer vulnerable to this attack vector.
The security of your data is and always has been of critical importance to TrackVia, and we will continue to provide a highly secure service.