Chip Anderson

No Bleeding Hearts Here at StockCharts.com

 | 

Much is being made of the "Heartbleed" vulnerability that is in the news right now.  It is a flaw in recent versions of widely used library called "OpenSSL" that many websites use to protect sensitive data.  Something that the mainstream press is not reporting accurately is that not all websites use OpenSSL for their encryption and, additionally, not all versions of OpenSSL have the problem.  Finally, some website use additional security measures that block data from leaking out via that exploit.

Here at StockCharts, we have had additional measures from F5 Networks in place for years that actively prevent problems like "Heartbleed" from causing secure data to be lost.  If you are into technology, you can read more about our protection measures here.

In addition, we have never installed the version of OpenSSL that has the problem.  We rely on an alternative SSL solution for encrypting our data.

But don't take my word for it, click here to run an independent "Heartbleed" test against our website.

Note: There are some other "Heartbleed Checkers" that don't actually test for the problem.  The most popular one appears to be the one at Lastpass.com.  Instead actually testing for the problem, those "checkers" simply check to see when the site last updated its security certificates and then they assume that if the certificates haven't been updated recently, the site is at risk.  In our case, that is an incorrect assumption for all the reasons stated above.

Bottom Line: The SSL encryption we use to protect our data was never vulnerable to the Heartbleed issue.

- Chip

Chip Anderson
About the author: is the founder and president of StockCharts.com. He founded the company after working as a Windows developer and corporate consultant at Microsoft from 1987 to 1997. In this blog, Chip shares his tips and tricks on how to maximize the tools and resources available at StockCharts.com, and provides updates about new features or additions to the site. Learn More
Subscribe to Chip Anderson to be notified whenever a new post is added to this blog!
Great observation; just read a release from LastPass, which indeed made the assumption you note. Thanks for enlightening us about Open SSL; you are very thorough and candid in your approach. Appreciated!
comments powered by Disqus