April 11, 2014

You Were Always Safe: MURAL's Response to Heartbleed

Tags:
Johnny Halife

Founder & (former) Chief Information Security Officer (CISO) at MURAL. Loves building big ideas, turning complex into simple.

As you might already know, this week the internet went crazy about a security vulnerability in OpenSSL called ‘Heartbleed’. It's an encryption flaw that is already being called one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.


MURAL does not use OpenSSL to terminate SSL connections, so we were not affected at all. We use a different encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the Heartbleed vulnerability. Therefore, you don't need to change your password (unless you used the same password on other sites that've been affected by Heartbleed).

As OpenSSL library is used by roughly two-thirds of all websites on the Internet, we recommend you to read the following article on Life Hacker which focus on what you should do, also you shouldn't miss the Mashable's a list of  "the passwords that you need to change right now!"


At MURAL your privacy is always our first concern, that's why we wanted to keep you posted. If you have questions or concern feel free to drop us a line at support@MURAL.