After a review of the vulnerability heartbleed OpenSSL, we determined that our implementation of SSL was never vulnerable. From the beginning, we used OpenSSL versions that were not affected (OpenSSL versions 1.0.0j, 1.0.0e and 0.9.8). We have not supported the extension TLS 15, the Heartbeat extension vulnerable to attack, and we invite you to use public tools such as http://possible.lv/tools/hb/ or http: // filippo.io/Heartbleed / to test one of our servers to check.
Although never vulnerable, we found that our Web site supports an older version of SSL, SSL V2, we are disabling precaution. In addition, while our servers and software never used the TLS extension 15, we are working to update to the latest version of OpenVPN patch for additional peace of mind.
In summary, at no time data IPVanish compromised as a result of heartbleed. Because of the scope of this feat IPVanish if your password is shared with another service, which is not recommended, we suggest that you update immediately.
Please see http://heartbleed.com/ for more information about this exploit and check back on this blog for more information.
0 Komentar