Home Blog

Archive for April, 2014

The Heartbleed Bug – SSL vulnerability

Wednesday, April 9th, 2014

Some customers contacted us Yesterday regarding the recently found “Heartbleed Bug” which compromises SSL encryption. For details on this dangerous bug, please read:

http://heartbleed.com

All of our servers are now using OpenSSL versions that are *not* affected by the Heartbleed bug. 90% of our servers are running CentOS 5.x with OpenSSL 0.9.8 which has never been affected and only a few servers are running CentOS 6.x. Updated version of the OpenSSL library with workaround patch was already applied Yesterday.

Also, please note that only OpenVPN uses SSL, our standard encrypted proxy servers as well as “L2TP over IPSec” VPN (uses mostly by our iPhone/iPad/OS X and some Android customers) have never been affected by this bug.

An interesting fact to mention is that if you were using Identity Cloaker in the encrypted mode, or connected via VPN and visited an SSL enabled website, the connection was, of course, encrypted by SSH (if using our encrypted proxy servers) or via VPN, which means the potential attacker was not able to take advantage of the Heartbleed bug.

Basically, you were adding another layer of encryption to the (possibly vulnerable) SSL encryption.

 

Contact | Helpdesk | Privacy Policy | Terms Of Service
Secured by RapidSSL  Join the Blue Ribbon Online Free Speech Campaign