“Heartbleed” OpenSSL Vulnerability Fixed on WebsiteAlive

Updates

On Monday this week, security researchers released details of a security vulnerability in the OpenSSL protocol which potentially allows an attacker to access information from a client or server’s memory (CVE-2014-0160: http://www.openssl.org/news/vulnerabilities.html).

The vulnerability has been fixed in OpenSSL v1.0.1g.

Like most other companies on the Internet, we also use OpenSSL library in our environments and unfortunately were affected with this bug.

Due to the nature of this vulnerability, there is no method to know 100% if you were affected with this issue.

Because of this, we highly recommend changing your passwords within your WebsiteAlive accounts (and any other online passwords you use on other sites for that matter).

We’ve already upgraded all necessary services on our front end and back end which uses the OpenSSL library, so the security hole is closed.

Specifically, we’ve updated our internal software services such as HTTP/VPN and keep a record in order to track progress on the updates from other 3rd-party SaaS services that we are using such as Amazon AWS, SendGrid, and Braintree. We’ve also reissued all SSL certificates in order to protect our customers from possible consequences of this vulnerability.

If you have any questions or need additional details, feel free to contact us at vip@websitealive.com.

No Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Updates
Microsoft Dynamics Integration

  AliveChat Now Integrates with Microsoft Dynamics CRM! *Microsoft Dynamics CRM 365 only   Agents can now: – Search your Microsoft Dynamics CRM during a chat session to see if that person already exists. – Create a new Lead or Account from right within the Operator Console. The chat session …

Updates
Operator Profile Avatars & Visitor Sound Notifications

2014 is here and we’ve started it off with an icy blast of some cool new feature updates! You spoke and we listened. This past month our team worked long hours despite all the holiday traffic, countless weather challenges, and many overstuffed family dinners to bring you a refreshed WebsiteAlive interface.

Updates
A Brand New Interface

NOTE: All WebsiteAlive accounts will be AUTOMATICALLY UPGRADED before 12/31/2013. To test the interfaces, feel free to log into our Preview Demo Account. Also, we can provide you a fully-functional test account for your organization, just contact us at vip@websitealive.com.

Bitnami