Tweet
Many of you have heard about the so-called "Heartbleed" bug by now. This problem affects some SSL (secure web) servers that use recent versions of the OpenSSL implementation of the protocol.
NONE of Click&Pledge servers uses OpenSSL and are therefore not vulnerable to this issue. In addition our firewalls are updated almost daily. This includes a recent update that short-circuits any attempt to take advantage of the vulnerability.
Because our servers never had the vulnerability in the first place you do not need to worry about changing passwords or that any of your data has been compromised.
Note:
We have received many inquiries about a site (http://filippo.io/Heartbleed/) that apparently checks for the vulnerability. Checking for any of our sites results in failure since we block any such scan. The site's URL clearly indicates this problem with their site:
For example checking "Connect.ClickandPledge.com" -> http://filippo.io/Heartbleed/#connec...pledge.com:443
Results in: Uh-Oh, something went wrong:
Referring to the site's FAQ:
Per the site's FAQ and our network design any such attempt will fail since Click & Pledge blocks any such scanning attempt.
Click & Pledge is PCI Level 1 certified and this threat is among many that we monitor and have monitored on a daily basis. Our servers are scanned daily and monitored 24x7 per PCI mandates.
NONE of Click&Pledge servers uses OpenSSL and are therefore not vulnerable to this issue. In addition our firewalls are updated almost daily. This includes a recent update that short-circuits any attempt to take advantage of the vulnerability.
Because our servers never had the vulnerability in the first place you do not need to worry about changing passwords or that any of your data has been compromised.
Note:
We have received many inquiries about a site (http://filippo.io/Heartbleed/) that apparently checks for the vulnerability. Checking for any of our sites results in failure since we block any such scan. The site's URL clearly indicates this problem with their site:
For example checking "Connect.ClickandPledge.com" -> http://filippo.io/Heartbleed/#connec...pledge.com:443
Results in: Uh-Oh, something went wrong:
Referring to the site's FAQ:
Per the site's FAQ and our network design any such attempt will fail since Click & Pledge blocks any such scanning attempt.
Click & Pledge is PCI Level 1 certified and this threat is among many that we monitor and have monitored on a daily basis. Our servers are scanned daily and monitored 24x7 per PCI mandates.