As many are aware by now, the “Heartbleed” bug was a major issue on the internet, which allowed a malicious user to request information from a compromised secure server without password or usernames. The people at OpenSSL along with all of the major OpenSource software companies that use OpenSSL for their Secure Sockets have patched their applications and regenerated public certificates.
Over the past week we have been investigating our systems and have found that www.videobox.com is not affected by this issue. Our SSL (secure socket layer) is handled by a specialized piece of equipment that does not run OpenSSL but uses another form of SSL that does not have the Heartbeat functionality enabled. Our tech team is taking the steps needed to guarantee that our SSL certificates are safe by having the upstream providers of the certs issue new ones as a precautionary step. We have performed some tests and attempted to exploit our own systems using the known means for Heartbleed exploitation and were unable to gather any information from our systems.
If you’d like to understand some more about how the Heartbleed exploit works, here is a small comic that explains things pretty well: http://imgs.xkcd.com/comics/heartbleed_explanation.png.
Rest assured that VB users have not been compromised by Heartbleed. You may want to change your VB password anyway, though, as an event like this is a nice reminder that keeping your passwords fresh is a good idea.
Bob and the VB Team