Insurance Website Builder and AgencyBuzz and the Heartbleed Vulnerability

April 10, 2014 Laird Rixford

The Heartbleed vulnerability within the open source library OpenSSL (CVE-2014-0160) has received a significant amount of attention this week. When this vulnerability is exploited, the server might reveal critical data such as user names, passwords, or SSL private key information to an attacker. Many of our customers have asked us whether this vulnerability affects ITC's offerings, specifically Insurance Website Builder and AgencyBuzz. We are happy to confirm that Heartbleed does not affect our website and marketing products and services.

The Long Version

For those who like more than the short and sweet, I will explain further. For all of our servers and products, ITC uses Microsoft technologies for development and hosting. No version of the Windows operating system or of IIS (the web server within Windows) uses OpenSSL; they instead use a proprietary encryption component, Secure Channel. The load balancers, secure web gateways and firewalls employed within the platform use Microsoft technologies and are not vulnerable to Heartbleed.

Specific to Insurance Website Builder customers, we use third-party vendors for email hosting. These vendors are IceWarp and Rackspace. While IceWarp does utilize OpenSSL, the 10.4.5 version that ITC uses for email hosting employs a branch of the OpenSSL library that is not vulnerable. As for Rackspace, they have confirmed that Heartbleed has not affected any of their public-facing servers related to their email hosting services. Rackspace does have vulnerable systems that reside outside the realm of their email hosting products. While these do not affect ITC customers, Rackspace is actively patching these servers.

Proactively, attack vector signatures were added to ITC's intrusion detection devices hours after Heartbleed was discovered. This action allowed us to verify that even if a server was vulnerable to attack, the incident would have been logged and blocked before any data was compromised.

As always, ITC is committed to the security of your data and your customers' data. We only use technologies that are supported and accounted for by their respective manufacturers and refrain from using open source technologies that might create a vulnerability that is not actively supported by an interested party.

Finally, many websites and services around the Internet were affected by this critical vulnerability. Please review this site for a comprehensive list of sites that were affected by Heartbleed. If you share a common password with one of the affected websites and ITC's services, we highly recommend you change both passwords immediately. If you have any questions, feel free to leave them in the comments below or contact us at (800) 383-3482 or

Referenced Sources

NIST Vulnerability Summary for CVE-2014-0160

Information about HeartBleed and IIS

IceWarp Forum Post Relating to OpenSSL 1.0.1g HeartBeat Bug

Rackspace Protect Your Systems From 'Heartbleed' OpenSSL Vulnerability

The Heartbleed Hit List: The Passwords You Need to Change Right Now

About the Author

Laird Rixford

As CEO, Laird Rixford is responsible for providing strategic direction and leadership for the company. Rixford has a proven executive management track record and has more than 20 years of experience in entrepreneurship and insurance technology. An expert in insurance technology and marketing, Laird is a recognized public speaker and has presented at industry events across the United States.
