vtsupply.com is SAFE
As you may have heard, an Internet-wide security threat emerged 4/8/14 called the Heartbleed bug. Online security is a topic that we take EXTREMELY seriously and is also why we use hosted payment solution by plugnpay to ensure that your most sensitive data is guarded by a 24/7 100% dedicated visa/mastercard security staff. Once we learned about this issue we began addressing it immediately and we’ve compiled this list of questions and answers to help you understand the Heartbleed bug, let you know what we’ve done to address it and let you know what you can do to protect your private information.
What is the Heartbleed bug?
The Heartbleed bug is a serious vulnerability in the popular OpenSSL cryptographic software library used to secure information traffic across much of the Internet. Because the vulnerability itself could leak/bleed information and it involved the Heartbeat function of OpenSSL, the vulnerability was nicknamed “Heartbleed.” This weakness allows hackers to steal information normally protected by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging and some virtual private networks. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content which allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
What is being done?
This vulnerability was assigned an identifier of CVE-2014-0160 and was quickly patched by the maintainers of OpenSSL. That patch was made publicly available and our server service provider immediately patched, tested, and verified all systems are secured.
The security of our customers is a top priority. We began addressing this issue immediately upon disclosure and have successfully applied patches to all of our platforms. The likelihood that private information was compromised is very minimal due to the lack of a public exploit at the time of the disclosure. As always, we will continue to work to protect the security of our customers and their data.
Is my server vulnerable?
There was a period when anyone relying on OpenSSL was vulnerable. Upon disclosure of the vulnerability, we immediately patched our entire platform. At this time, our servers are not vulnerable and information is secure.
Has vtsupply replaced their SSLs?
Yes. Upon the disclosure of the vulnerability we immediately reached out to our SSL providers and began the process of having all of our internal and external SSLs reissued.
Was my security, password or privacy compromised?
There was a period when anyone relying on OpenSSL was vulnerable. Upon disclosure of the vulnerability, we immediately patched our entire platform. The likelihood that your private keys were compromised is minimal due to the lack of a public exploit at the time of the disclosure. If you are concerned, you are welcome to use our Change Password account tool to select a new password. If you do change your password, consider that this vulnerability existed across the majority of the Internet and password changes should be done anywhere you store sensitive information.
To check potential vulnerability on the vtsupply service or with any other provider, there is a reliable tool available at http://heartbleedcheck.com/.
Where can I learn more about Heartbleed?
For more details about the Heartbleed bug, please visit heartbleed.com.