Security Best Practices and How Recurly Supports You

The Internet and the digital world have brought immeasurable benefits to the world at large and transformed nearly every aspect of how we live and work. Unfortunately, in tandem with this evolution, unscrupulous elements have emerged, intent on hacking into systems and stealing data for any number of nefarious ends. No entity is completely safe from the risk of hackers, viruses, malware and other weapons that attempt to compromise our systems.

Two-Factor Authentication, User Roles, Anti-Fraud: With Recurly, Your Data is Secure

posted in:
Best Practices Security Fraud user roles

There’s no doubt that the internet has brought myriad and far-reaching benefits to people and organizations worldwide. Unfortunately, it’s also brought hackers, fraudsters, and other criminal elements intent on stealing our personal and financial information. They are relentless, exceedingly inventive, and always looking for the next exploitable vulnerability.

Recurly’s Read-Only Access: Compliance, Security and Confidence

posted in:
Security compliance Product Update Read-Only

At Recurly, we take pride in the fact that our application is both intuitive and accessible. But while every user in your organization can have access to your site via the Recurly app, we understand that not every user needs full access. With this in mind, we have made some changes to user management to help your company mitigate security risks and stay compliant with company policies.

GHOST vulnerability (CVE-2015-0235) in popular Linux library glibc allows remote code execution

posted in:
Security

At Recurly we constantly monitor mailing lists, forums, IRC channels and many other places for vulnerabilities that may cause software we use as part of our platform to be insecure. We update software every day, usually within minutes of vulnerabilities being discovered. Today was no exception. We had our production systems patched within an hour of discovering the vulnerability in the popular Linux library glibc. This is a write-up of how we did it, and how to protect yourself.

SSL v3 POODLE vulnerability - What Recurly is doing and how you can protect yourself

posted in:
Security

Today a new vulnerability was announced in SSLv3. The vulnerability allows attackers who might be in a position to execute a MITM (Man In The Middle) attack against a client to decrypt SSLv3 traffic. Luckily, SSLv3 hasn't been used by clients (web browsers) for a number of years now, replaced by TLS.

At Recurly we supported SSLv3 for backwards compatibility purposes. As it turns out, supporting SSLv3 as of today puts other clients at risk due to a MITM attack potentially forcing a client (web browser) to fall back to SSLv3, thereby allowing the attacker to disable encryption and view your website traffic. Today, in order to protect our clients, we have removed the ability to use SSLv3 with Recurly and, in turn, the ability for our clients to be exposed to this issue when using Recurly.

New PCI Security Standard Clarifies Best Practices for Merchants

posted in:
Best Practices Security

Credit card industry requiring e-commerce companies to redouble efforts in safeguarding all aspects of their web operations against data theft

Security News: OpenSSL Bug Impacts Most of Internet

As reported in the news this week, a major bug nicknamed Heartbleed was reported in OpenSSL, the open source cryptographic library used by websites around the world to protect users' information being transmitted over the internet. The Heartbleed bug impacted an estimated two-thirds of all websites, so we had to react quickly to ensure your data stayed safe.
