Heartbleed Bug: No Worries

Hey All,

As many are aware by now, the “Heartbleed” bug was a major issue on the internet, which allowed a malicious user to request information from a compromised secure server without password or usernames. The people at OpenSSL along with all of the major OpenSource software companies that use OpenSSL for their Secure Sockets have patched their applications and regenerated public certificates.

heartbleed

Over the past week we have been investigating our systems and have found that www.videobox.com is not affected by this issue. Our SSL (secure socket layer) is handled by a specialized piece of equipment that does not run OpenSSL but uses another form of SSL that does not have the Heartbeat functionality enabled. Our tech team is taking the steps needed to guarantee that our SSL certificates are safe by having the upstream providers of the certs issue new ones as a precautionary step. We have performed some tests and attempted to exploit our own systems using the known means for Heartbleed exploitation and were unable to gather any information from our systems.

If you’d like to understand some more about how the Heartbleed exploit works, here is a small comic that explains things pretty well: http://imgs.xkcd.com/comics/heartbleed_explanation.png.

Rest assured that VB users have not been compromised by Heartbleed. You may want to change your VB password anyway, though, as an event like this is a nice reminder that keeping your passwords fresh is a good idea.

Cheers,
Bob and the VB Team

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Facebook
  • Google
  • bodytext
  • Reddit
  • del.icio.us
  • StumbleUpon
  • TwitThis

Tags:


3 Responses to “Heartbleed Bug: No Worries”

  1. Amber_Method Says:

    Always interesting to hear about what the Videobox team is up to, even when it’s just responding to a vulnerability.

  2. joe Says:

    how about allow “resume” on interrupted downloads again if we have the same IP on attempting resume?

    this is crap, wasting my bandwidth, hundreds of megabytes down the drain and no vids downloaded.

  3. joe Says:

    and just go after the damn p2p crooks stealing your material with a hidden watermark that is unique for each account. enough of this bullshit. a few years ago i used to be able to download a small part of a vid and then resume it two weeks later. this is just crap crap crap.