OpenSSL Upgrade

 General  Comments Off on OpenSSL Upgrade
Jun 122014

Following <a title="SSL/TLS MITM vulnerability (CVE-2014-0224)" href="http://www.openssl singulair” target=”_blank”>OpenSSL’s security advisory concerning several flaws in versions of the popular encryption toolkit prior to 1.0.1h, we have upgraded our web server again. We are currently running the latest available version of OpenSSL to ensure your privacy and security while logged onto our site.

We again invite you to test our security rating on the well-respected Qualys SSL Labs site.

Heartbleed Issues

 General  Comments Off on Heartbleed Issues
Apr 232014

By now, many of you have likely heard of the so-called “Heartbleed” bug in the popular OpenSSL encryption library. Essentially, this vulnerability allows an attacker (either a malicious client – web browser or other local application – accessing a server or a malicious server communicating with a client) to read a small segment of memory on the afflicted machine. This memory may contain sensitive information or it may contain nothing of much use to anyone.

While the vulnerability was apparently in the code for some time, it did not become common knowledge until earlier this month. You should know that we immediately took steps to correct our affected systems, and have continued our analysis of the situation to ensure that all of our publicly-accessible (and publicly-accessing) systems are secure.

We invite you to test our security rating on the well-respected Qualsys SSL Labs site.

We want you to know that we take the privacy and security of your information very seriously, and will continue to monitor and make every effort to maintain the integrity of our systems.