365 Freelance not vulnerable to Heartbleed

Last week was very stressful to many online services providers as well as their end-users. Heartbleed suddenly became mainstream news and many companies are still dealing with the security breach. The bug allows an attacker to read the memory of systems running vulnerable versions of the OpenSSL software.

The 365 Freelance team is hugely relieved because our service is unaffected by the attack since we are based on Microsoft technologies (Microsoft Azure, IIS 7.5, Windows Server 8R2, etc.). Microsoft’s official statement is:

“Microsoft Account and Microsoft Azure, along with most Microsoft Services, were not impacted by the OpenSSL vulnerability. Windows’ implementation of SSL/TLS was also not impacted.

We also want to assure our customers that default configurations of Windows do not include OpenSSL, and are not impacted by this vulnerability.   Windows comes with its own encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the Heartbleed vulnerability.

This applies to all Windows operating systems and IIS versions, up to and including IIS 8.5 running on any of the following operating systems:

•             Windows Server 2003 and 2003R2
•             Windows Server 2008
•             Windows Server 2008R2
•             Windows Server 2012
•             Windows Server 2012R2”

Here are the 365 Freelance results for Heartbleed bug vulnerability:

Your data is safe with 365 Freelance (www.365freelance.com ) but if you’ve used the same username and password on some vulnerable sites, we do advise you to change your password on our site as well as the others. Simply log in to www.365freelance.com, go to Manage Profile and change your password there.