9 Apr 2014

News hype about 'heartbleed' security bug - Easitill Sites are safe


A bug in software used by web servers could have exposed anyone visiting sites they hosted to spying and eavesdropping, say researchers.

The bug has been named "Heartbleed".


The bug is in a software library used in servers, operating systems and email and instant messaging systems.

Called OpenSSL, the software is supposed to protect sensitive data as it travels back and forth.

The bug in OpenSSL was discovered by researchers working for Google and security firm Codenomicon.

The "serious vulnerability" allowed anyone to read chunks of memory in servers supposedly protected with the flawed version of OpenSSL. Via this route, attackers could get at the secret keys used to scramble data as it passes between a server and its users.

To help people check their systems, some security researchers have produced tools that work out whether a system is running a vulnerable version of OpenSSL.

How does this affect Easitill Website Customers?
Firstly, Easitill Ecommerce sites do not store, transmit or collect sensitive data such as credit card details.
These are all handled directly through the payments gateways we use.
These sites are secure and encrypted and meet PCI DSS compliance themselves.

The payment gateway providers our websites use are:
Barclays
CardSave
Paypoint
SagePay
Worldpay

We at Easitill have run the checks for vulnerabilities using the available tools and can confirm that the above 5 Payment Gateway Servers are not vulnerable to this flaw.