The bug heartbleed absolutely to the world of internet security in his ear. To quote the Internet security expert Bruce Schneier on the bug heartbleed:
"Catastrophic" is the right word. On a scale of 1 to 10, this is a 11 ".
This is true, the bug went heartbleed Spinal Tap. Is it too dated reference?
the heartbleed bug could exploit a vulnerability in the OpenSSL software. This allowed the hackers to see and fly up memory 64k from vulnerable servers using OpenSSL. the information was mainly with private SSL keys, passwords, the user keys and connections. But to put it simply, just about anything that could be stored on the server was vulnerable.
What about the bug heartbleed
first, a test to see if your site was vulnerable to the bug heartbleed first. If it were, update your SSL certificate ago now a patch for the bug heartbleed. once you've done that, you can change every single password may have been stolen.
Debate on what you need to do is varied, and sometimes ... passionate. You can not go wrong with an SSL certificate updated, and a change of password. You may want to change your passwords again once your new SSL certificate arrives, just to be on the ultra-cautious side.
How our Top 3 VPN were affected or responded to Bug heartbleed
Our suppliers 3 VPN Top all have websites that are hosted on servers with the same potential vulnerabilities for the bug heartbleed than any other website. Be leaders in online security sector , they were quick to discuss their situation and reassure users they were safe against the heartbleed bug.
Hide My Ass users are safe because of separate subdomain
Speaking on their forum in response to heartbleed linked station Hide My Ass responded saying
heartbleed www.hidemyass.com only affected due to the anti-DDOS supplier we use, and the vulnerability was not on our server itself. As you may know, our users interact with the service via a separate server on which subdomain vpn.hidemyass.com was not affected.
Therefore, HMA! Pro VPN users have not had their user credentials exhibited by heartbleed. Nevertheless, it is currently recommended to change all passwords used on the Internet, especially for very sensitive services, such as email and banking. We publish a full statement later today and we have worked to issue clarifications to the media - for example http://gizmodo.com/h...e-is-1560812671
even if you are safe, it is always a good idea to change your passwords!
IPVanish was not affected by heartbleed bug
IPVanish users have nothing to fear . They do not support the particular extension of OpenSSL that was vulnerable (TLS extension 15). All is well with them. Here is their statement from their blog:
A review of the OpenSSL vulnerability heartbleed, we determined that our implementation of SSL was never vulnerable. From the beginning, we used OpenSSL versions that were not affected (OpenSSL versions 1.0.0j, 1.0.0e and 0.9.8). We have not supported the extension TLS 15, the Heartbeat extension vulnerable to attack, and we invite you to use public tools such as http://possible.lv/tools/hb/ or http: // filippo.io/Heartbleed / to test one of our servers to check.
Although never vulnerable, we found that our Web site supports an older version of SSL, SSL V2, we are disabling precaution. In addition, while our servers and software never used the TLS extension 15, we are working to update to the latest version of OpenVPN patch for additional peace of mind.
private Internet access take precautionary measures
private Internet access (PIA) has repeatedly stated that their site was not vulnerable . This was due to their hardware load balancers not running the vulnerable OpenSSL extension (TLS extension 15 again). As a precaution, they still have ahead and changed their certificates
Like their VPN servers, they had this to say on their blog post on heartbleed :.
All our VPN gateways were corrected within 4 hours (UTC 11:17:15 p.m. April 7, 2014) the public disclosure of heartbleed (19:00:00 UTC 7 April 2014) . We went from OpenSSL 1.0.1f non-workable version 1.0.1g. In terms of our key, the original researcher who discovered heartbleed, Neel Mehta, says that private keys are safe, and we agree with its conclusion.
Conclusion on services bugs and VPN heartbleed
The first 3 VPN customers in our ranking are there for a reason. As you read above, they were prepared for an attack like this, and they protected you throughout the ordeal heartbleed bug. Your data was safe , you were safe, and they still had the foresight to take precautionary measures and advise you to do the same by changing your passwords.
Photo credit to open BPO access.
0 Komentar