IceWarp has issued an update for its messaging server to protect its customers and Internet community from a critical defect in OpenSSL discovered Monday, April 7, 2014. The patch, created next day after the new vulnerability was identified, will prevent hackers from obtaining private keys, passwords, and other credentials that open access to sensitive data.
“IceWarp technology team compiled a new OpenSSL to neutralize this extremely dangerous bug,” says Ladislav Goc, president of IceWarp. “Now millions of our customers worldwide can continue to use our products with confidence.”
As a courtesy to all internet users, IceWarp provided a patch version of SSL library for any Windows product to the general public. “We strongly encourage organizations to protect their systems as soon as possible,” notes Mr. Goc.
According to Ars Technica’s writer Dan Goodin, the warning about the bug in OpenSSL went together with the release of version 1.0.1g of the open-source program, which is the default cryptographic library used in the Apache and nginx Web server applications, as well as a wide variety of operating systems and e-mail and instant-messaging clients. The bug, which has resided in production versions of OpenSSL for more than two years, could make it possible for people to recover the private encryption key at the heart of the digital certificates used to authenticate Internet servers and to encrypt data traveling between them and end users. Attacks, notes Mr. Goodin, leave no traces in server logs, so there's no way of knowing if the bug has been actively exploited.