TLS HeartBleed Recommendations – message from Le VPN CEO

TLS HeartBleed Recommendations – message from Le VPN CEO

In light of recent events concerning the newly discovered vulnerability in OpenSSL, we want to bring your attention to a few things.

First, we have thoroughly audited our network and infrastructure and can confirm that none of the Le VPN servers or infrastructure is vulnerable to the new OpenSSL HeartBleed bug. It is and always has been safe to use Le VPN.

Second, we want to explain how HeartBleed can impact you.

This vulnerability allows attackers to not only obtain full access to targeted systems, but also to hijack its SSL certificates and private keys. There are more than half a million vulnerable websites, and it is very probable that their SSL certificates can be, or may already have been stolen.

As the webmasters struggle to fix this issue, we do believe that a significant amount of vulnerable websites won’t perform ALL of the necessary steps, as these include routine and complex processes, such as SSL certificate revocation and renewal. It is obvious that some hacker groups are already collecting SSL identities from all of the vulnerable hosts in order to reproduce attacks later.

This way, even if the OpenSSL vulnerability is fixed, if the SSL certificate remains the same a fraudster can produce a “Man in the Middle” attack. This type of attack allows interception of all traffic between victim and webhost, including your passwords, user names and other sensitive data.

Cases of intercepted SSL certificate attacks will be possible, even against websites with SSL. This means that even if a victim uses https:// and has a green SSL sign in the address bar, his data can be still intercepted. This type of attack was rarely possible earlier, as SSL certificates are usually well protected by webhosts; however, HeartBleed makes this attack possible, as it allows attackers to expose the host’s SSL identity.

The best way to protect yourself against this will be to use Le VPN.

Le VPN users with an active VPN connection will avoid any type of “Man in the Middle” attacks, as all of their traffic will pass through an encrypted tunnel using safe and trusted DNS servers. Le VPN makes it impossible to re-route or poison your traffic.

Therefore, we do encourage you to use Le VPN for any networks that are not trusted networks.

Stay Secure!

Le VPN team

Use the Internet by Your Own Rules

Try Le VPN7 days moneyback

No Comments Yet.

Leave a reply