A Bleeding Heart in Live Chat Software?
On or around the 4th April 2014, people started murmuring about a massive, hitherto undiscovered security flaw that had left thousands of popular websites vulnerable for over 2 years. Interest grew, but information was limited, and the truth behind the Heartbleed bug began to bend and break under the weight of speculation.
It wasn’t until the 7th April that information went public. [1] Codenomicon, the cybersecurity firm behind the discovery, explained that the security flaw went unnoticed for 2 years because of the large amount of work that has to go into this kind of manual testing.
Okay, but what exactly does this mean?
To paraphrase Codenomicon’s FAQ website on the Heartbleed bug, the problem lies with OpenSSL. This widely popular cryptographic software is ubiquitous in open source web servers like Apache and nginx – two of the most popular platforms on the web.
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. Absolutely everything sent over that SSL channel, from the names and passwords of the users to the actual content, is accessible. Millions of sites rely on SSL connections to transfer sensitive data; hackers can steal this straight from the services and use it to impersonate users.
The total number of affected sites is still something of a guessing game, but one GitHub member took a sample of over 10,000 sites and found that 17% of websites with SSL installed were vulnerable.
Is my live chat software at risk?
We can’t speak for other live chat providers, but Click4Assistance uses an alternative SSL implementation. Third-party programs and tests from our engineers show that our software is 100% safe from the Heartbleed vulnerability. This includes your actual chats, archived chats, mid-chat file transfers, co-browsing sessions and other activities that are performed over our SSL connection. This means there is no need to change your Click4Assistance Toolbox password.
If you pass information from our live chat software on through other websites or programs, we recommend using the Heartbleed Test from GitHub to check that they are secure.
Have any questions or concerns about the Click4Assistance Live Chat Software and the Heartbleed bug? Don’t hesitate to contact us on 0845 123 5871 or via theteam@click4assistance.co.uk.
[1] According to the heartbleed.com website