Virtru Security Insights

Join 10,000+ Security Professionals Who Receive Our Content Every Month

You Are Secure: Virtru Messages Safe from Heartbleed

April 10, 2014

Just yesterday several old college friends, my sister, my brother, and my parents all emailed me about this huge OpenSSL bug – Heartbleed. They were wondering what it meant for their own privacy.

My quick advice: change your passwords everywhere, but understand that Yahoo and Google are still patching servers. Any emails encrypted with Virtru since our launch in January are safe.

I responded to all of them with a Virtru-secured email, and this is what I wrote:

Heartbleed is important, but there’s no reason to believe that you personally have been targeted. What Heartbleed really means is that someone could have access to the last two years of your encrypted traffic to several websites including Facebook, Google, and Yahoo. If they had an interest in storing this data and they took advantage of the Heartbleed vulnerability then it is very likely that everything you’ve done online has been compromised.

Think of it this way. If you knew about Heartbleed over the past two years then you had an easy way to unlock every door without being traced. Governments, hackers – if any of them understood this vulnerability then that little padlock in your browser meant nothing to them.

Should an individual panic about this encryption bug? Is it time to retreat into the mountains and stop using the internet? I don’t think so, but everyone should take immediate action to address the real risk that all of your encrypted communications for a two year window are an open book.

For the record, Virtru emails we’ve exchanged since January are not affected by Heartbleed. The engineers are very focused on the latest developments in encryption and they turned on something call Perfect Forward Secrecy in January before the service went public. If I’ve sent you emails on Virtru since our launch they’ve been secure all along.

I do recommend that you change your passwords – everywhere. Here’s a just a small list of services that we know were affected which I’m certain you all use:

  1. Google Gmail

  2. Yahoo! Mail

  3. Google Search

  4. Google Wallet

  5. Yahoo! Finance

  6. YouTube

  7. Facebook

As far as services that were not affected:

  1. Twitter

  2. Virtru

Again, change your passwords and start taking a few extra precautions for securing your information. This isn’t the first or last bug we’ll find in encryption software, but it certainly is the biggest I’ve ever seen. If you send information that you want secured, take extra steps and use Virtru as an extra level of protection.

BEFORE YOU LEAVE

Stay Up to Date With the Latest in Digital Privacy

Subscribed! 

You're one step away from a personalized walkthrough.

Thank You for Your Interest

Which product are you interested in?

REQUEST A DEMO

REQUEST A DEMO

We'll reach out to schedule a time.