Golden Frog Customers Safe from Heartbleed Bug – What Action Should You Take?

In the wake of the Heartbleed Bug, many Golden Frog customers have reached out to see if Golden Frog’s services were affected and whether customers need to take any action. First and foremost, rest assured all Golden Frog services are currently safe from the Heartbleed Bug. VyprVPN and the Golden Frog website have not ever used SSL libraries vulnerable to the TLS heartbeat exploit. Dump Truck’s SSL libraries were patched on April 8, 2014, and new SSL keys for the service were generated and deployed successfully. However, due to the nature of the bug, we still recommend all customers change their password, especially if you have used Dump Truck. Change your password »

Are the VyprVPN Apps Vulnerable?

Our apps use OpenSSL 1.0.1e, which is vulnerable to the Heartbleed Bug, for OpenVPN connections. However, even though the apps use a vulnerable version of OpenSSL, customer information is not at risk. To be compromised, the apps would need to connect to servers that send malicious heartbeat packets. Our apps only connect to VyprVPN servers, which do not send malicious packets. Even if the VyprVPN apps were somehow tricked into establishing a connection with a malicious server, the apps do not possess any information they are not already sending to the server. There is nothing a malicious server could gather from the client that it wouldn’t receive anyway.

We will be preparing updated versions of our apps that use non-vulnerable versions of OpenSSL, but at this time, customers are not at risk using the existing versions of the apps.

What is the Heartbleed Bug?

The Heartbleed Bug is a bug in OpenSSL’s implementation of the TLS heartbeat extension. When exploited, it allows an attacker access to the contents of the SSL server and client memory. This memory may include the SSL keys, the content of the data traversing the connection, and usernames and passwords transmitted or stored within the memory of the client and server. Because of the complete compromise of the SSL session and secret key data necessary to keep communications secure, this is considered an extremely critical bug. A full overview can be found at http://heartbleed.com/

What Action Do I Need to Take?

If you have used Dump Truck we highly recommend you change your password. To change your password visit this page: https://www.goldenfrog.com/controlpanel/account/password.

  • Log in to your Control Panel
  • Click Account
  • Click the Change link next to Password
  • Type your new password
  • Click the Change Password button

At Golden Frog we strive to keep our customers secure and appreciate all the questions we have received. We are happy to see our customers value their privacy and security and will continue to provide any updates necessary regarding heartbleed. If you have any further questions please don’t hesitate to contact our 24x7x365 support team via email or live chat.

To keep up to date with Golden Frog, please subscribe to the Golden Frog blog and follow us on Facebook, Twitter and Google+. Or, if you have a product idea or feature request, please share it with us at http://ideas.goldenfrog.com.

Updated on 04-10-2014

Submit a Comment

Comments

  1. jack black says:

    Hi , So pardon me but exactly what can vypr do for me that i don’t already have and how secure is it,and exactly when do you deem an account in terms of violation and of what ?

  2. ira pollack says:

    I’ve never used dumptruck, but do use OpenVPN. Do I need to change my password? It looks like your answer is “maybe”.

  3. George says:

    Thats good to hear that your VPN service were not affeected by Heartbleed