Are Golden Frog Services Affected by the Heartbleed Bug?
The short answer to the title of this article is “no”. Golden Frog services are not vulnerable to the Heartbleed bug. However, because people do have a right to more of an explanation than that, the company has put out information detailing why their services aren’t affected. Here are the basics of it.
VyprVPN does use a version of OpenSSL—1.0.1e—which is vulnerable to the Heartbleed bug. This version of OpenSSL is used when the OpenVPN protocol is selected. The reason that this service isn’t vulnerable is because the apps would have to connect to servers that send the Heartbleed packets and do not, according to GoldenFrog. The apps are also absent any information that a hacker could use, so there’s no risk to users using the VyprVPN service. The company is updating their OpenSSL, but stresses that no one on their VPN service is vulnerable to this attack. - Read more info about VyprVPN here.
Dump Truck does not use the vulnerable version of OpenSSL. The libraries were updated in early April of this year and the keys are new.
While Dump Truck isn’t vulnerable to this bug at present, Golden Frog still recommends that you go ahead and change your password for the Dump Truck service. You can do this from the Control Panel on your account. This will ensure that you’re completely safe.
What Is Heartbleed?
Heartbleed is a bug in the code of certain OpenSSL versions that allows people to exploit the heartbeat TLS extension. In doing so, they can get information from the SSL server and the client memory, which may include credentials and other sensitive information, possibly even the private crypto key that would allow the attacker to decrypt any information sent between the server and its clients.
However, if you’re using Golden Frog products, you’re safe. Remember to update any passwords you have on other websites, just to be safe, but your Golden Frog accounts are not affected. Change your Dump Truck password, however.