OpenSSL heart bleed bug issue resolved for SellerDeck Payments and Hosting users


    Hi all,

    You may or may not have heard the news this week about the bug in OpenSSL which the media are naming “Heart Bleed”. If you do a search on your search engine for “heart bleed SSL”, this will produce many results.

    OpenSSL is software which is supposed to protect sensitive data across the Internet. A two-year-old bug has been discovered which affects millions of web servers across the Internet, making those affected servers vulnerable depending on the version of OpenSSL they are using. Some sources report this could affect up to 66% of the internet.

    We can confirm that we are aware of this issue and have resolved the issue already. We have patched our SellerDeck Payments server, and we have also patched four affected SellerDeck hosting servers.

    We are now in the process of changing the SSL certificates on our SellerDeck payments gateway. This change in SSL certificates does not require our customers to do anything and it will not affect the service in any way.

    ---------------------------------------------------------------------------------

    FAQ:

    I am using SellerDeck Payments; do I need to do anything?

    No. SellerDeck has applied a patch to fix the bug, and we are now in the process of changing the SSL certificates. No action is required from the merchant.

    Will this result in any loss of service/downtime?

    No.

    Will this affect the SellerDeck software in any way?

    No.

    Has my data been hacked by anyone?

    It is extremely unlikely that any information has been hacked and you cannot and do not need to do anything about this scenario.

    Technical explanation: the loophole was found by a Google employee and various measures (including a fix for the problem) were developed before the discovery was made public. To exploit the loophole, a man-in-the-middle attack would need to be used. It is unlikely SellerDeck customers are impacted because:
    1. There is no evidence that anyone outside Google had discovered this bug, and if they had, it is very likely that would have come to light.
    2. SellerDeck users would be way down the list of likely targets if anyone had discovered it, as there would be much higher value targets available.
    3. For a man-in-the-middle attack to be exploited there must be further security vulnerabilities, which again reduces the probability.


    My website is not hosted by SellerDeck, what do I do?

    Contact your hosting company to confirm they are aware of this and have applied the OpenSSL patch.

    Paul Murphy
    Operations Manager - SellerDeck