We all worry about security, so with the news this week, we want to share with you what we received from Geotrust who supplies our Security Certificate as well as from our Ecommerce Cart Provider and PayPal’s assessment. If you have questions, please contact us either through our online support or by phone: 1 800 439 3551 International 001 408 245 5900 (Mon-Fri 9a.m. to 5p.m. Pacific Time)
PAYPAL – Does not use this software, therefore is not vulnerable. PayPal process ALL of our credit card transactions so your data is safe from this threat.
GeoTrust is aware of the vulnerability, dubbed “Heartbleed”, which is a security concern for users of OpenSSL, a widely-used opensource cryptographic software library. It can allow attackers to read the memory of the systems using vulnerable versions of OpenSSL library (1.0.1 through 1.0.1f). This may disclose the secret keys of vulnerable servers, which allows attackers to decrypt and eavesdrop on SSL encrypted communications and impersonate service providers. In addition, other data in memory may be disclosed, which conceivably could include usernames and passwords of users or other data stored in server memory.To be clear, this is a vulnerability of the OpenSSL library, and not a flaw with SSL/TLS nor certificates issued by GeoTrust. At no time were GeoTrust’s SSL or Code-Signing roots and intermediates at risk, nor was there ever an issue with GeoTrust certificates.
Merchants have expressed concern over recent media reports of a potential security risk found in OpenSSL called the “Heartbleed” flaw. (a.k.a CVE-2014-0160)
We at 3dcart would like our merchants to know that there is no danger to the security of your stores due to this open SSL flaw.
For the most part, the current flaw is found in older versions of OpenSSL found on certain Unix/Linux based server systems that have not been patched. Rest assured that the the vulnerability is not found on the servers operated by 3dcart.’ Google