Are Giganews Customers using VyprVPN Apps Safe from the Heartbleed Bug?Golden Frog's apps use OpenSSL 1.0.1e, which is vulnerable to the Heartbleed Bug, for OpenVPN connections. However, even though the apps use a vulnerable version of OpenSSL, customer information is not at risk. To be compromised, the apps would need to connect to servers that send malicious heartbeat packets. VyprVPN apps only connect to VyprVPN servers, which do not send malicious packets. Even if the VyprVPN apps were somehow tricked into establishing a connection with a malicious server, the apps do not possess any information they are not already sending to the server. There is nothing a malicious server could gather from the client that it wouldn't receive anyway.
Golden Frog will be preparing updated versions of the apps that use non-vulnerable versions of OpenSSL, but at this time, Giganews customers are not at risk using the existing versions of the apps.
What is the Heartbleed Bug?The Heartbleed Bug is a bug in OpenSSL's implementation of the TLS heartbeat extension. When exploited, it allows an attacker access to the contents of the SSL server and client memory. This memory may include the SSL keys, the content of the data traversing the connection, and usernames and passwords transmitted or stored within the memory of the client and server. Because of the complete compromise of the SSL session and secret key data necessary to keep communications secure, this is considered an extremely critical bug. A full overview can be found at http://heartbleed.com/
What Action Do I Need to Take?If you have used Dump Truck we highly recommend you change your password. To change your password visit this page: https://www.giganews.com/controlpanel/userpass.html
- Log in to your Control Panel
- Click Change Username / Password
- Type your new password
- Click the Change Username / Password button
To stay up to date on Giganews, please subscribe to our blog and follow us on Giganews Facebook, Giganews Twitter, Giganews YouTube Channel, and Giganews Google+.
Updated on 04-10-2014