Posted by & filed under News, Other, Service.

A few weeks ago the Internet was shocked by discovery of critical bug in OpenSSL library, which allows an attacker to retrieve private keys, user logins, passwords and other sensitive information right from the server.

Heartbleed

We’ve made an internal audit and now can surely confirm that our VPN service is not affected. OpenSSL was not used to provide VPN services and the only place where OpenSSL was used is website. But since authorization is done by separate servers and web server software does not have direct access to user’s credentials, there was no threat to leak it.

You do not have to update password for Seed4.Me, but most probably you have to do that for other services. Most vulnerable are HTTPS web services with direct authorization and OpenVPN VPN providers.

 

Comments are closed.