Security Advisory

Heartbleed SSL Bug

The Heartbleed Bug discovered this week affects millions of secured websites worldwide. Unfortunately we at BRACE discovered that our secured server was also affected by this bug. In short:

  • Was BRACE's secured webserver affected by the bug? YES
  • How severe is this bug? MEDIUM
  • Why did BRACE use insecure software? The bug was discovered in a program part used by millions of webservers worldwide. Many big companies, even Google, have the same troubles. The software is reviewed regulary, but sometimes programming mistakes are not uncovered or not fixed quickly. The underlying program has proven its realibility over many years and it is still considered as being safe. BRACE tests as other web site owners all its software for security on a regular basis and fixes all security issues as quick as possible. If no update is available, BRACE rather removes the service (temporarily) instead of exposing our customers to a potential security problem.
  • What does it mean for my files and data available on the page? The files and data are secured and safe. However, the bug allows to read protected content from the memory of the server. This may include passwords and other sensible information transferred from or to the server.
  • I am using HTTPS all the time (a lock symbol is displayed in the address field of the browser), do I still have a problem? YES
  • Was this bug fixed? YES. We fixed the bug within hours after discovery.
  • What do I have to do? We advise strongly that you change your passwords in the user area of our webpage.
  • Have any files been stolen? According to our log files, no files have been downloaded by unauthorized persons. However, as it is possible that the account and password of the users have been intercepted, it is not possible to find out if the rightful owner was logged in.
  • How does BRACE avoid such security issues in the future? BRACE has always valued customer protection as the top priority. We will continue to monitor security issues closely and update our systems according to current security standards.

In case of doubt or questions, please do not hesitate to contact us via email or with the contact form.

Go back