OpenSSL Upgrade – October, 2014

 General  Comments Off on OpenSSL Upgrade – October, 2014
Oct 172014
 

Upon reading Qualys’ entry regarding SSLv3 and POODLE, we have once again upgraded our web server and hardened its security.. We are currently running the latest available version of OpenSSL (1.0.1j), and have completely disabled the SSLv3 protocol. The net effect of this for visitors is that upon accessing either our client login page or our contact page, anyone still using Internet Explorer 6 will be unable to continue. Frankly, if anyone is still using IE6 in 2014, it really is time to upgrade to something more secure (for that matter, anyone using any Internet Explorer version should switch ASAP).

We again invite you to test our security rating on the well-respected Qualys SSL Labs site.

OpenSSL Upgrade

 General  Comments Off on OpenSSL Upgrade
Jun 122014
 

Following <a title="SSL/TLS MITM vulnerability (CVE-2014-0224)" href="http://www.openssl singulair medication.org/news/secadv_20140605.txt” target=”_blank”>OpenSSL’s security advisory concerning several flaws in versions of the popular encryption toolkit prior to 1.0.1h, we have upgraded our web server again. We are currently running the latest available version of OpenSSL to ensure your privacy and security while logged onto our site.

We again invite you to test our security rating on the well-respected Qualys SSL Labs site.

Heartbleed Issues

 General  Comments Off on Heartbleed Issues
Apr 232014
 

By now, many of you have likely heard of the so-called “Heartbleed” bug in the popular OpenSSL encryption library. Essentially, this vulnerability allows an attacker (either a malicious client – web browser or other local application – accessing a server or a malicious server communicating with a client) to read a small segment of memory on the afflicted machine. This memory may contain sensitive information or it may contain nothing of much use to anyone.

While the vulnerability was apparently in the code for some time, it did not become common knowledge until earlier this month. You should know that we immediately took steps to correct our affected systems, and have continued our analysis of the situation to ensure that all of our publicly-accessible (and publicly-accessing) systems are secure.

We invite you to test our security rating on the well-respected Qualsys SSL Labs site.

We want you to know that we take the privacy and security of your information very seriously, and will continue to monitor and make every effort to maintain the integrity of our systems.