With the recent announcement of the Heartbleed Bug, many customers have asked if Giganews’ services were affected and whether customers need to take any action. Rest assured all Giganews services are currently safe from the Heartbleed Bug. VyprVPN and the Giganews website have not ever used SSL libraries vulnerable to the TLS heartbeat exploit. Golden Frog patched Dump Truck’s SSL libraries on April 8, 2014, and new SSL keys for the service were generated and deployed successfully. However, due to the nature of the bug, we still recommend all customers change their password, especially if you have used Dump Truck. Change your password »
Are Giganews Customers using VyprVPN Apps Safe from the Heartbleed Bug?
Golden Frog’s apps use OpenSSL 1.0.1e, which is vulnerable to the Heartbleed Bug, for OpenVPN connections. However, even though the apps use a vulnerable version of OpenSSL, customer information is not at risk. To be compromised, the apps would need to connect to servers that send malicious heartbeat packets. VyprVPN apps only connect to VyprVPN servers, which do not send malicious packets. Even if the VyprVPN apps were somehow tricked into establishing a connection with a malicious server, the apps do not possess any information they are not already sending to the server. There is nothing a malicious server could gather from the client that it wouldn’t receive anyway.
Golden Frog will be preparing updated versions of the apps that use non-vulnerable versions of OpenSSL, but at this time, Giganews customers are not at risk using the existing versions of the apps.
What is the Heartbleed Bug?
The Heartbleed Bug is a bug in OpenSSL’s implementation of the TLS heartbeat extension. When exploited, it allows an attacker access to the contents of the SSL server and client memory. This memory may include the SSL keys, the content of the data traversing the connection, and usernames and passwords transmitted or stored within the memory of the client and server. Because of the complete compromise of the SSL session and secret key data necessary to keep communications secure, this is considered an extremely critical bug. A full overview can be found at http://heartbleed.com/
What Action Do I Need to Take?
If you have used Dump Truck we highly recommend you change your password. To change your password visit this page: https://www.giganews.com/controlpanel/userpass.html
- Log in to your Control Panel
- Click Change Username / Password
- Type your new password
- Click the Change Username / Password button
At Giganews we take your privacy and security seriously. If you have any further questions please don’t hesitate to contact our 24x7x365 support team via email or live chat.
Updated on 04-10-2014