Home Blog

The Heartbleed Bug – SSL vulnerability

Some customers contacted us Yesterday regarding the recently found “Heartbleed Bug” which compromises SSL encryption. For details on this dangerous bug, please read:

http://heartbleed.com

All of our servers are now using OpenSSL versions that are *not* affected by the Heartbleed bug. 90% of our servers are running CentOS 5.x with OpenSSL 0.9.8 which has never been affected and only a few servers are running CentOS 6.x. Updated version of the OpenSSL library with workaround patch was already applied Yesterday.

Also, please note that only OpenVPN uses SSL, our standard encrypted proxy servers as well as “L2TP over IPSec” VPN (uses mostly by our iPhone/iPad/OS X and some Android customers) have never been affected by this bug.

An interesting fact to mention is that if you were using Identity Cloaker in the encrypted mode, or connected via VPN and visited an SSL enabled website, the connection was, of course, encrypted by SSH (if using our encrypted proxy servers) or via VPN, which means the potential attacker was not able to take advantage of the Heartbleed bug.

Basically, you were adding another layer of encryption to the (possibly vulnerable) SSL encryption.

 

Tags: , , ,

One Response to “The Heartbleed Bug – SSL vulnerability”

  1. VPN Providers Response to the Heartbleed Vulnerabilty | How to hide your ip Says:

    […] April 9, 2014 – Identitycloaker¬†announced that they were not affected. See more here. […]

Leave a Reply

You must be logged in to post a comment.

Contact | Helpdesk | Privacy Policy | Terms Of Service
Join the Blue Ribbon Online Free Speech Campaign