Security researchers announced this Tuesday a serious security flaw in open SSL, a popular data encryption standard used by the majority of websites who transmit data. It is a bug, called the “Heartbleed Bug”, found in the infrastructure that power services that transmit secure information, such as Facebook, Gmail etc. This bug gives hackers the ability to extract data from services that we use every day. This vulnerability lets them steal information from Web servers by tricking their encryption software. Even Canada shut down its Tax website to protect against the “Heartbleed Bug”.
Let us clarify first that Moosend is not affected by this vulnerability, therefore your information continue to stay securily stored in our systems!
Feel any safer? Let’s see now what this procedure is all about. When a computer is connected with another computer with a secure connection, it may check if a real computer exists at the other end, and to ensure this, it sends out something called a “heartbeat”, a small packet of data, asking for a true response. The researchers found that it was possible to send a well-disguised packet of data that looks like a true “heartbeat” to trick the computer at the other end, which then starts sending data that is stored in its memory. It is a programming error in the implementation of OpenSSL. Actually the code has been in OpenSSL for about two years, and using it doesn’t leave a trace.
The “Heartbleed bug” impacted an estimated 2/3rds of all websites. Information like usernames, passwords, credit card numbers and even the content that users have uploaded to a service can be hacked. Unless the companies running vulnerable servers change their encryption keys, even future traffic will be compromised.
So we had to react quickly to ensure that your data was safe with us, therefore all of our SSL Certifications have been updated. We are not aware of any attacks against us and we continue to perform regular security checks. We are not affected by the “Heartbleed Bug” and you can rest assured. As the security of information is of highest priority for us, we are very content that we do not face any security vulnerabilities.
But the situation is an actual alarm for you and your business. Most probably you could be affected either directly or indirectly. Your popular social site, your company’s site, hobby site, sites you install software from etc might be using vulnerable OpenSSL. In order to protect yourself, you should change your online passwords, especially for services where privacy and security are major concerns.
We will be updating you for any news on the issues.