The Internet and the digital world have brought immeasurable benefits to the world at large and transformed nearly every aspect of how we live and work. Unfortunately, in tandem with this evolution unscrupulous elements have emerged, intent on hacking into systems and stealing data for any number of nefarious ends. No entity is completely safe from the risk of hackers, viruses, malware and other weapons that attempt to compromise our systems.
There’s no doubt that the internet has brought myriad and far-reaching benefits to people and organizations worldwide. Unfortunately, it’s also brought hackers, fraudsters, and other criminal elements intent on stealing our personal and financial information. They are relentless, exceedingly inventive, and always looking for the next exploitable vulnerability.
At Recurly, we take pride in the fact that our application is both intuitive and accessible. But while every user in your organization can have access to your site via the Recurly app, we understand that not every user needs full access. With this in mind, we have made some changes to user management to help your company mitigate security risks and stay compliant with company policies.
At Recurly we constantly monitor mailing lists, forums, IRC channels and many other places for vulnerabilities that may cause software we use as part of our platform to be insecure. We update software every day, usually within minutes of vulnerabilities being discovered. Today was no exception. We had our production systems patched within an hour of discovering the vulnerability in the popular Linux library glibc. This is a write-up of how we did it, and how to protect yourself.
Today a new vulnerability was announced in SSLv3. The vulnerability allows attackers who might be in a position to execute a MITM (Man In The Middle) attack against a client to decrypt SSLv3 traffic. Luckily, SSLv3 hasn't been used by clients (web browsers) for a number of years now, replaced by TLS.
At Recurly we supported SSLv3 for backwards compatibility purposes. As it turns out, supporting SSLv3 as of today puts other clients at risk due to a MITM attack potentially forcing a client (web browser) to fall back to SSLv3, thereby allowing them to disable encryption and view your website traffic. Today, in order to protect our clients we have removed the ability to use SSLv3 with Recurly and in turn, the ability for our clients to be exposed to this issue when using Recurly.
Credit card industry requiring e-commerce companies to redouble efforts in safeguarding all aspects of their web operations against data theft
As reported in the news this week, a major bug nicknamed Heartbleed was reported in OpenSSL, the open source cryptographic library used by websites around the world to protect users' information being transmitted over the internet. The Heartbleed bug impacted an estimated 2/3rds of all websites, so we had to react quickly to ensure your data stayed safe.