After the engineering team TorGuard carefully considered our network infrastructure, software and website, we would like to update publicly our clients about the results of these results. While the threats posed by the OpenSSL 1.0.1a heartbleed vulnerability are wide reaching and potentially very serious, our team can confidently say that development has no impact on the safety of TorGuard or services. This position may be updated in the coming days as we continue to analyze and conduct our own private testing on our network.
What is the Bug heartbleed? The Bug heartbleed is a serious vulnerability in the cryptographic software library popular OpenSSL. This weakness allows to steal proprietary information, under normal conditions, the SSL / TLS encryption used to secure the Internet. SSL / TLS ensures the security of communication and privacy on the Internet for applications such as Web, email, instant messaging (IM) and virtual private networks (VPN).
TorGuard immediately responded to these findings by conducting a wide verification system all servers. Please review the results of the latest check below:
TorGuard.net Infrastructure Website:
The end TorGuard.net site before, member area, and end of Directors feedback systems are not affected by this vulnerability. Customers can be assured that impossible feat of this nature may have occurred on the site TorGuard.net previous months when the bug was in the wild. Even so, all administrative passwords are recycled on a regular basis, and we encourage clients to do the same as a precaution. It is also important to make sure your mail provider, instant messaging software, or other secure connection platform used is up to date on this issue.
server systems and TorGuard.tg email client are also not affected by this vulnerability and are not vulnerable in the previous month
TorGuard OpenVPN Software
TorGuard Lite (OpenVPN) -. TG in the famous "lite" OpenVPN application for Windows, Mac and Linux are not affected by this bug because it uses an earlier version of OpenSSL (0.9.8) that has not activated heartbeat. We are also publishing a new version in the coming days with a newly patched OpenSSL library as a formality
TorGuard Pro (viscosity) -. TorGuard has already pushed a software update for Mac and Windows users who will update the VPN client to our latest patched version. Users are prompted by the software update to this latest version, simply select the "Update" button that appears when you start the VPN software. Customers can now download (Viscosity) patched updated software directly to Pro for Windows and Mac here here. Those who are still using the older version will be promoted by day to upgrade
TorGuard Android App -. The application uses OpenSSL android TorGuard the 1.0.0e version that is not affected by this bug. No update Android VPN client is required TorGuard
OpenVPN GUI -. If you use a carrier along version of OpenVPN GUI please take action and to update your client to the latest version of OpenVPN (2.3.3) which has just been published here
tunnelblick GUI - .. If you are a MAC user running tunnelblick, please update to the latest version here
TorGuard VPN server
After a thorough and comprehensive audit of all our VPN server network, we would like to point out that only 5% of our server clusters in each data center were found using the compromised version of OpenSSL. These newly patched places are strictly limited to our data centers US, Swedish, French, Icelandic, British and Dutch. All locations were immediately upgraded to a non-vulnerable version of OpenSSL. New server configurations for these destinations were automatically pushed to all TorGuard software (Lite, Pro, Android), if you use a standalone GUI OpenVPN client software please make sure to download our latest configuration files here . If you use pfsense, iOS or DDWRT scripts TorGuard it is important for you to visit the download page and pick up the latest update to avoid connection errors. Customers using the TorGuard VPN client software brand are encouraged to completely restart the application to download the latest server configs.
severe vulnerabilities such as this serve as a constant reminder that we must always be vigilant in preserving the integrity of the security services. The staff TorGuard is relentlessly committed to preserve these values and will continue to provide professional confidentiality solutions for our customers far into the future.
0 Komentar