The Heartbleed Bug – SSL vulnerability
Some customers contacted us Yesterday regarding the recently found “Heartbleed Bug” which compromises SSL encryption. For details on this dangerous bug, please read:
All of our servers are now using OpenSSL versions that are *not* affected by the Heartbleed bug. 90% of our servers are running CentOS 5.x with OpenSSL 0.9.8 which has never been affected and only a few servers are running CentOS 6.x. Updated version of the OpenSSL library with workaround patch was already applied Yesterday.
Also, please note that only OpenVPN uses SSL, our standard encrypted proxy servers as well as “L2TP over IPSec” VPN (uses mostly by our iPhone/iPad/OS X and some Android customers) have never been affected by this bug.
An interesting fact to mention is that if you were using Identity Cloaker in the encrypted mode, or connected via VPN and visited an SSL enabled website, the connection was, of course, encrypted by SSH (if using our encrypted proxy servers) or via VPN, which means the potential attacker was not able to take advantage of the Heartbleed bug.
Basically, you were adding another layer of encryption to the (possibly vulnerable) SSL encryption.
Tags: heartbleed bug, ssh, ssl, vpn
April 10th, 2014 at 10:34 am
[…] April 9, 2014 – Identitycloaker announced that they were not affected. See more here. […]