Heartbleed – Beanstream is secure, ensure you are as well

Beanstream’s processing server remains secure and is not susceptible to the Heartbleed bug that is affecting many sites using OpenSSL.

However, the OpenSSL cryptographic library is very widely used to provide SSL/TLS encryption across the internet. “OpenSSL 1.0.1 contains a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as ‘heartbleed.’” The bug, found on April 7th, 2014, is officially known as CVE-2014-0160.

As a developer, it is important to be aware that your integrations on your own or customer sites may still be affected if OpenSSL is used on your servers. If you are using OpenSSL on a customer-facing site that is integrated with any of the Beanstream services, we recommend:

  • Ensure your servers are running the latest fixed version of OpenSSL: “fixed version 1.0.1g or newer should be used.”
  • Change your passwords
  • Notify users and encourage them to change their passwords

If you are unsure or want to test your server, you can use the Qualys SSL Labs SSL report: https://www.ssllabs.com/ssltest/index.html
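A local version check to go with the first recommendation above, as an added example that is not Beanstream's code: it classifies the output of `openssl version -a`. The affected range (1.0.1 through 1.0.1f, plus 1.0.2-beta1) and the `-DOPENSSL_NO_HEARTBEATS` build flag come from the OpenSSL advisory for CVE-2014-0160 rather than from this post; the function name and status labels are illustrative.

```shell
#!/bin/sh
# Added example: classify `openssl version -a` output for CVE-2014-0160.
# Prints: affected | fixed | not-affected | heartbeat-disabled | unknown
heartbleed_status() {
    banner=$1
    # First line looks like "OpenSSL 1.0.1e 11 Feb 2013"; keep the version token.
    ver=$(printf '%s\n' "$banner" | sed -n '1s/^OpenSSL \([^ ]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return 0; }

    # A build compiled with this flag has no heartbeat code to exploit.
    case $banner in
        *-DOPENSSL_NO_HEARTBEATS*) echo heartbeat-disabled; return 0 ;;
    esac

    case $ver in
        # Upstream 1.0.1 through 1.0.1f and 1.0.2-beta1 carry the bug.
        # Distributions may backport the fix without changing the letter,
        # so confirm against the package changelog before concluding.
        1.0.1|1.0.1-*|1.0.1[a-f]|1.0.1[a-f]-*|1.0.2-beta1*) echo affected ;;
        1.0.1[g-z]*|1.0.2*|1.1.*|[3-9].*) echo fixed ;;
        # The heartbeat extension was introduced in 1.0.1; older branches lack it.
        0.9.*|1.0.0*) echo not-affected ;;
        *) echo unknown ;;
    esac
}

# Constructed sample banners (not captured from real hosts).
for sample in \
    "OpenSSL 1.0.1e 11 Feb 2013" \
    "OpenSSL 1.0.1g 7 Apr 2014" \
    "OpenSSL 0.9.8y 5 Feb 2013"
do
    printf '%-32s %s\n' "$sample" "$(heartbleed_status "$sample")"
done
```

On a server, call it as `heartbleed_status "$(openssl version -a)"`. The result describes the library the `openssl` command uses, so services that were started before an upgrade, or that bundle their own copy of OpenSSL, still need to be restarted or checked separately.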

To learn more about the heartbleed bug go to heartbleed.com.

Nicole Stright
