|
Much is being made of the "Heartbleed" vulnerability that is in the news right now. It is a flaw in recent versions of widely used library called "OpenSSL" that many websites use to protect sensitive data. Something that the mainstream press is not reporting accurately is that not all websites use OpenSSL for their encryption and, additionally, not all versions of OpenSSL have the problem. Finally, some website use additional security measures that block data from leaking out via that exploit.
Here at StockCharts, we have had additional measures from F5 Networks in place for years that actively prevent problems like "Heartbleed" from causing secure data to be lost. If you are into technology, you can read more about our protection measures here.
In addition, we have never installed the version of OpenSSL that has the problem. We rely on an alternative SSL solution for encrypting our data.
But don't take my word for it, click here to run an independent "Heartbleed" test against our website.
Note: There are some other "Heartbleed Checkers" that don't actually test for the problem. The most popular one appears to be the one at Lastpass.com. Instead actually testing for the problem, those "checkers" simply check to see when the site last updated its security certificates and then they assume that if the certificates haven't been updated recently, the site is at risk. In our case, that is an incorrect assumption for all the reasons stated above.
Bottom Line: The SSL encryption we use to protect our data was never vulnerable to the Heartbleed issue.
- Chip
Posted by: Gene Inger April 11, 2014 at 19:07 PM