Monday, 21 April 2014

OpenVPN Found Vulnerable to Heartbleed, SumRando Safe

Our users' privacy and security are what drive us here at SumRando.  And we were happy to report on this blog and through social media, the SumRando VPN has not been affected by the dreaded Heartbleed vulnerability that has rocked internet businesses and users. As the analysis of Heartbleed continues, details are emerging about how few HTTPS-enabled sites have taken action to protect themselves and their visitors and new ways to identify those sites susceptible to Heartbleed.  In the past several days, there has been recognition that the widely-used OpenVPN is exposed.  Evidence that OpenVPN has been affected by Heartbleed will likely signal to VPN users that they need to take additional measures to protect themselves.  While VPN users are typically more proactive consumers by seeking out such services, the news that a VPN service could be affected should cause concern.

Ars Technica reports that a VPN company successfully extracted keys from OpenVPN through OpenSSL.  Although OpenVPN had signaled the likelihood of exposure, it wasn’t until Wednesday that OpenVPN addressed the issue publiclySweden-based VPN Mullvad successfully extracted keys for the purpose of testing potential exposures with OpenVPN and warned that others with malicious intentions could inflict significant damage.  Mullvad will not be sharing their code because of potential damage it could do to those who have not already upgraded to protect against Heartbleed.

Here at SumRando, we are happy that our VPN has not been affected by Heartbleed. We immediately took action to ensure our VPN's security. We share our users' concerns about Heartbleed's impact on other trusted services, and we are happy to answer any questions you might have about Heartbleed as it relates to SumRando VPN. Feel free to comment below or send us an email directly at contact@sumrando.com.

No comments:

Post a comment