OpenSSL "Heartbleed" flaw.
Posted by Ken Densley, COO 10Star
A few customers have expressed concern over recent media reports of a potential security risk found in OpenSSL called the "Heartbleed" flaw. (a.k.a CVE-2014-0160)
At 10Star would like our customers to know that there is no danger to the security of our stores due to this open SSL flaw. For the most part, the current flaw is found in older versions of OpenSSL found on certain Unix/Linux based server systems that have not been patched.
We contract the programming and security updates of our shoping cart and online payments systems to qualified, competent providers who have assured us that the the vulnerability is not found on the servers operated by 10Star.